In a follow-up audit, an IS auditor notes that management has addressed the original findings in a different way than originally agreed upon. The auditor should FIRST:
A. mark the recommendation as satisfied and close the finding
B. verify if management’s action mitigates the identified risk
C. re-perform the audit to assess the changed control environment
D. escalate the deviation to the audit committee
A. mark the recommendation as satisfied and close the finding
B. verify if management’s action mitigates the identified risk
C. re-perform the audit to assess the changed control environment
D. escalate the deviation to the audit committee