An IS auditor is asked to review a large organization`s change management process. Which of the following practices presents the GREATEST risk? 

Answer options:

A. Emergency code changes are promoted without user acceptance testing.
B. A system administrator performs code migration on planned downtime.
C. Change management tickets do not contain specific documentation.
D. Transaction data changes can be made by a senior developer.

C