A risk mitigation action plan is a document that specifies the actions to be taken to address the identified risks, the resources required, the timelines, the owners, and the expected outcomes. The risk owner is the person who has the authority and accountability to manage the risk and its response. The risk practitioner is the person who supports the risk owner in the risk management process. The best course of action for the risk practitioner when the manager of a risk mitigation action plan is replaced and a new control is implemented is to communicate the decision to the risk owner for approval. This will ensure that the risk owner is aware of the change, agrees with the new control, and approves the modification of the action plan. The other options are not the best course of action, as they may not involve the risk owner, who is ultimately responsible for the risk and its response. References = Risk and Information Systems Control Study Manual, 7th Edition, Chapter 3, Section 3.1.1.1, pp. 95-96.