During a follow-up audit, an IS auditor finds that the auditee has updated virus scanner definitions without adopting the original audit recommendation to increase the frequency of using the scanner. The MOST appropriate action for the auditor is to:
A. prepare a follow-up audit report reiterating the recommendation.
B. escalate the issue to senior management.
C. modify the audit opinion based on the new information available.
D. conclude that the residual risk is beyond tolerable levels of risk.
A. prepare a follow-up audit report reiterating the recommendation.
B. escalate the issue to senior management.
C. modify the audit opinion based on the new information available.
D. conclude that the residual risk is beyond tolerable levels of risk.