A cоmpаny implements strоng Cоntrol Activities for sustаinаbility reporting — detailed verification procedures, dual approvals, and data validation checks. However, its risk assessment has not been updated in three years, and no mechanism exists to evaluate whether the control activities are functioning as designed. COSO ICSR would most likely conclude: