Which of the following is the auditor’s BEST course of action?

An IS auditor has assessed a payroll service provider’s security policy and finds significant topics are missing.

Which of the following is the auditor’s BEST course of action?
A . Recommend the service provider update their policy.
B . Notify the service provider of the discrepancies.
C . Report the risk to internal management.
D . Recommend replacement of the service provider.

View Answer

Answer: C