During a follow-up audit, an IS auditor concludes that a previously identified issue has not been adequately remediated. The auditee insists the risk has been addressed.

During a follow-up audit, an IS auditor concludes that a previously identified issue has not been adequately remediated. The auditee insists the risk has been addressed.

The auditor should:
A . recommend an independent assessment by a third party
B . report the disagreement according to established procedures
C . follow-up on the finding next year
D . accept the auditee’s position and close the finding

View Answer

Answer: A