As part of an audit response, an auditee has concerns with the recommendations and is hesitant to implement them. Which of the following would be the BEST course of action for the IS auditor?
A. Accept the auditee’s response and perform additional testing.
B. Conduct further discussions with the auditee to develop a mitigation plan.
C. Suggest hiring a third-party consultant to perform a current state assessment.
D. Issue a final report without including the opinion of the auditee.
A. Accept the auditee’s response and perform additional testing.
B. Conduct further discussions with the auditee to develop a mitigation plan.
C. Suggest hiring a third-party consultant to perform a current state assessment.
D. Issue a final report without including the opinion of the auditee.