An external security audit has reported multiple findings related to control noncompliance. Which of the following would be MOST important for the risk practitioner to communicate to senior management?
A. Plans for mitigating the associated risk
B. Suggestions for improving risk awareness training
C. A recommendation for internal audit validation
D. The impact to the organization’s risk profile
A. Plans for mitigating the associated risk
B. Suggestions for improving risk awareness training
C. A recommendation for internal audit validation
D. The impact to the organization’s risk profile