• Home
  • ISACA, CRISC
  • A service provider is managing a client’s servers. During an audit of the service, a noncompliant control is discovered that will not be resolved before the next audit because the client cannot afford the downtime required to correct the issue.

A service provider is managing a client’s servers. During an audit of the service, a noncompliant control is discovered that will not be resolved before the next audit because the client cannot afford the downtime required to correct the issue.

Posted by: Pdfprep Category: CRISC Tags: , , Post Date: June 16, 2021

A service provider is managing a client’s servers. During an audit of the service, a noncompliant control is discovered that will not be resolved before the next audit because the client cannot afford the downtime required to correct the issue.

The service provider’s MOST appropriate action would be to:
A . develop a risk remediation plan overriding the client’s decision.
B . ask the client to document the formal risk acceptance for the provider.
C . insist that the remediation occur for the benefit of other customers.
D . make a note for this item in the next audit explaining the situation.

Answer: B

Author

Leave a Reply

Your email address will not be published.