When the inherent risk of a business activity is lower than the acceptable risk level, the BEST course of action would be to:
A. monitor for business changes
B. review the residual risk level
C. report compliance to management
D. implement controls to mitigate the risk
A. monitor for business changes
B. review the residual risk level
C. report compliance to management
D. implement controls to mitigate the risk