An organization has agreed to perform remediation related to high risk audit findings. The remediation process involves a complex reorganization of user roles as well as the implementation of several compensating controls that may not be completed within the next audit cycle. Which of the following is the BEST way for an IS auditor to follow up on the activities?
A. Review the progress of remediation on a regular basis.
B. Provide management with a remediation timeline and verify adherence.
C. Continue to audit the failed controls according to the audit schedule.
D. Schedule a review of the controls after the projected remediation date.
A. Review the progress of remediation on a regular basis.
B. Provide management with a remediation timeline and verify adherence.
C. Continue to audit the failed controls according to the audit schedule.
D. Schedule a review of the controls after the projected remediation date.