An internal auditor e assessing the design of a control and has identified a potential significant weakness. The auditor shared his concern with management however management does not agree that the weakness is significant. What should the internet auditor do next?
According to IIA guidance, which of re following actions should the internal auditor take immediately after having considered fraud scenarios and identified and prioritized fraud risks?