When the inherent risk of a business activity is lower than the acceptable risk level, the BEST course of action would be to: 

Answer options:

A. monitor for business changes
B. review the residual risk level
C. report compliance to management
D. implement controls to mitigate the risk

B