During a follow-up audit, an IS auditor concludes that a previously identified issue has not been adequately remediated. The auditee insists the risk has been addressed. The auditor should:
A. recommend an independent assessment by a third party
B. report the disagreement according to established procedures
C. follow-up on the finding next year
D. accept the auditee’s position and close the finding
A. recommend an independent assessment by a third party
B. report the disagreement according to established procedures
C. follow-up on the finding next year
D. accept the auditee’s position and close the finding