When the inherent risk of a business activity is lower than the acceptable risk level, the BEST course of action would be to:
Click on the arrows to vote for the correct answer
A. B. C. D.C.
When the inherent risk of a business activity is lower than the acceptable risk level, the BEST course of action would be to review the residual risk level. Therefore, option C is the correct answer.
Explanation:
Inherent risk refers to the level of risk that exists before implementing any controls to mitigate the risk. On the other hand, residual risk refers to the level of risk that remains after implementing controls. Acceptable risk level is the level of risk that the organization is willing to accept for a particular business activity.
If the inherent risk of a business activity is lower than the acceptable risk level, it means that the controls in place are effective in mitigating the risk to an acceptable level. However, it is still important to review the residual risk level to ensure that the controls are working effectively and there are no new risks that have emerged due to changes in the business environment.
Therefore, the best course of action would be to review the residual risk level to ensure that the organization is aware of any residual risks that may still exist, and to take appropriate action to mitigate those risks if necessary. This will help the organization to ensure that the risk level remains within the acceptable range and that it is not exposed to any unnecessary risks.
Option A, which suggests implementing controls to mitigate the risk, is not the best course of action in this scenario because the controls are already in place and are effective in mitigating the risk.
Option B, which suggests reporting compliance to management, is not the best course of action because compliance is not the primary concern in this scenario. The focus should be on ensuring that the residual risk level is within the acceptable range.
Option D, which suggests monitoring for business changes, is also not the best course of action in this scenario because the risk level is already within the acceptable range. However, monitoring for business changes is a good practice and should be done regularly to ensure that the risk level remains within the acceptable range.