When the inherent risk of a business activity is lower than the acceptable risk level, the BEST course of action would be to:
A. implement controls to mitigate the risk.
B. report compliance to management.
C. review the residual risk level.
D. monitor for business changes.
A. implement controls to mitigate the risk.
B. report compliance to management.
C. review the residual risk level.
D. monitor for business changes.