During a follow-up audit, an IS auditor discovers that a recommendation has not been implemented. However, the auditee has implemented a manual workaround that addresses the identified risk, through far less efficiency than the recommended action would.
Which of the following would be the auditor’s BEST course of action?
A. Notify management that the risk has been addressed and take no further action.
B. Escalate the remaining issue for further discussion and resolution.
C. Note that the risk has been addressed and notify management of the inefficiency.
D. Insist to management that the original recommendation be implemented.
Which of the following would be the auditor’s BEST course of action?
A. Notify management that the risk has been addressed and take no further action.
B. Escalate the remaining issue for further discussion and resolution.
C. Note that the risk has been addressed and notify management of the inefficiency.
D. Insist to management that the original recommendation be implemented.