When the inherent risk of a business activity is lower than the acceptable risk level, the BEST course of action would be to:
Click on the arrows to vote for the correct answer
A. B. C. D.B.
When the inherent risk of a business activity is lower than the acceptable risk level, the best course of action is to review the residual risk level, as stated in option B.
Inherent risk is the level of risk that exists before any control activities have been implemented to mitigate the risk. It is the risk level associated with a specific activity or process if no controls were in place.
Acceptable risk level is the level of risk that an organization is willing to accept for a particular activity. It is determined by the organization's risk appetite and is usually based on factors such as the impact and likelihood of a risk event occurring.
Residual risk is the level of risk that remains after control activities have been implemented. It is the risk that is left over or that cannot be completely eliminated even after controls have been put in place.
Therefore, when the inherent risk of a business activity is lower than the acceptable risk level, it means that the control activities in place have effectively mitigated the risk to an acceptable level. In this scenario, the organization should review the residual risk level to ensure that it is at an acceptable level and that the control activities in place are effective in mitigating the risk.
Option A, monitoring for business changes, may be necessary to ensure that the inherent risk does not increase in the future. However, it is not the best course of action in this scenario.
Option C, reporting compliance to management, is not relevant to the situation described in the question.
Option D, implementing controls to mitigate the risk, is not necessary since the inherent risk is already lower than the acceptable risk level, and the control activities in place are effective.