While following up on a prior audit report, an IS auditor determines that a number of recommendations to address critical findings have not been implemented as agreed. What is the BEST course of action for the auditor?
A. Reclassify the risk ratings of the original findings.
B. Propose revised implementation timelines.
C. Escalate to the appropriate level of management.
D. Revise the scope of the follow-up audit
A. Reclassify the risk ratings of the original findings.
B. Propose revised implementation timelines.
C. Escalate to the appropriate level of management.
D. Revise the scope of the follow-up audit