CISA Certified Information Systems Auditor – Question0353

An IS auditor observed that most users do not comply with physical access controls. The business manager has explained that the control design is inefficient. What is the auditor’s BEST course of action?

A. Recommend changing the access control process to increase efficiency.
B. Identify the impact of control failure and report the finding with a risk rating.
C. Redesign and retest the physical access control.
D. Work with management to design and implement a better control.

Correct Answer: B