The issue write-up below is missing what element of a finding? The Information Security Policy requires individual user accounts to be associated with an active employee or authorized contractor. However, a comparison of 500 individual accounts to an extract from the HR database found 15 (3%) accounts were not traceable to either an employee or approved contractor. User accounts not associated with verifiable individuals may impede the effectiveness of controls to ensure accountability for actions within the system. Management should strengthen controls over user account creation and reauthorization procedures. Mary Watson, Director of Information Security, will implement an Identity and Access Management tool, which will automate account management processes. Ms. Watson will provide a corrective action response by November 30, 2021. Criteria Cause Consequence Corrective Action Condition