Question 299:
When the inherent risk of a business activity is lower than the acceptable risk level, the BEST course of action would be to:
Answer options:
A. monitor for business changes B. review the residual risk level C. report compliance to management D. implement controls to mitigate the risk