Risk and Control Monitoring and Reporting
You are the risk manager at a financial institution that processes online transactions. The organization relies on a legacy system for transaction authorization, which is monitored via manual log reviews performed weekly by a junior analyst. Recently, the internal audit team identified that several unauthorized transactions were not detected for over two weeks. The logs showed that the authorization control failed intermittently due to a known software bug, but the bug had been documented in the risk register with a low residual risk rating. The CRO asks you to recommend the most effective improvement to the control monitoring process. Which of the following would be the BEST course of action?