IT management has not implemented action plans for a previous audit report finding and has decided to accept the associated risk. Which of the following is the auditor's BEST course of action?
A. Document noncompliance with the agreed-upon plan.
B. Validate compliance with the risk acceptance process.
C. Update the enterprise risk register to reflect the observation.
D. Check for implementation of compensating controls.
Organisational management can choose to accept the risk of not implementing certain controls that may apply. With risk acceptance, management acknowledges the risk and agrees to move forward despite the potential impact.
upvoted 1 times
46080f2
2 weeks, 2 days ago