An internal audit report includes a recommendation to remove inappropriate user access to an IT application. Which of the following does the recommendation represent?
A.
An agreed action adopted by management.
B.
A condition-based recommendation as an interim solution to correct a current condition.
C.
A cause-based recommendation to prevent inappropriate access being granted again.
A cause-based recommendation aims to address the root cause of an issue to prevent its recurrence. By recommending the removal of inappropriate user access, the audit report is identifying the underlying problem (the granting of inappropriate access) and suggesting a solution that will help prevent this issue from happening again. This type of recommendation is focused on mitigating risks by addressing their causes, thereby strengthening the control environment.
The Institute of Internal Auditors (IIA), Practice Guide on Writing Audit Reports
"Internal Auditing: Assurance and Advisory Services" by Urton L. Anderson et al.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit