Which of the following is the STRONGEST indication that controls implemented as part of a risk action plan are not effective?
A. A security breach occurs.
B. Internal audit identifies recurring exceptions.
C. Changes are put into production without management approval.
D. A sample is used to validate the action plan.
A. A security breach occurs.
B. Internal audit identifies recurring exceptions.
C. Changes are put into production without management approval.
D. A sample is used to validate the action plan.