Notifying the audit committee (option A) is important, but it is typically done after the immediate risk mitigation steps have been taken. The audit committee may need to be informed about the vulnerability, its impact, and the actions taken or planned to address it.
A is the correct answer,By notifying the appropriate personnel, they can take immediate action to remediate the vulnerability and prevent any potential damage to the organization and its customers. Once the vulnerability has been addressed, the auditor can then review security incident reports (option B) and identify compensating controls (option C) as part of the audit process. Documenting the exception in an audit report (option D) would be appropriate after the vulnerability has been addressed and the audit is complete
Could the answer be C as auditor can find compensating controls before notifying audit committee?
upvoted 4 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Greensign
Highly Voted 2 years, 3 months agoSwallows
Most Recent 5 months, 3 weeks ago3008
1 year, 4 months agoJONESKA
1 year, 5 months ago007Georgeo
1 year, 7 months agom4s7er
1 year, 11 months agogomboragchaa
2 years agoDeeplaxmi
2 years, 3 months agoMunaM
2 years, 3 months ago