CISA Certified Information Systems Auditor – Question0516

Management decided to accept the residual risk of an audit finding and not take the recommended actions. The internal audit team believes the acceptance is inappropriate and has discussed the situation with executive management. After this discussion, there is still disagreement regarding the decision. Which of the following is the BEST course of action by internal audit?

A. Report this matter to the audit committee without notifying executive management.
B. Document in the audit report that management has accepted the residual risk and take no further actions.
C. Report the issue to the audit committee in a joint meeting with executive management for resolution.
D. Schedule another meeting with executive management to convince them to take action as recommended.

Correct Answer: C