December 22, 2021 by Admin
During a follow-up audit, an IS auditor discovers that a recommendation has not been implemented. However, the auditee has implemented a manual workaround that addresses the identified risk, through far less efficiency than the recommended action would. Which of the following would be the auditor’s BEST course of action?
- Notify management that the risk has been addressed and take no further action.
- Escalate the remaining issue for further discussion and resolution.
- Note that the risk has been addressed and notify management of the inefficiency.
- Insist to management that the original recommendation be implemented.