The internal auditor at Company ABC has completed the annual audit of the company’s financial
system. The audit report indicates that the accounts receivable department has not followed
proper record disposal procedures during a COOP/BCP tabletop exercise involving manual
processing of financial transactions.
Which of the following should be the Information Security Officer’s (ISO’s) recommendation?
(Select TWO).

A.
Wait for the external audit results

B.
Perform another COOP exercise

C.
Implement mandatory training

D.
Destroy the financial transactions

E.
Review company procedures