The output of the risk management process is an input for making: A、business plans. B、audit charters. C、security policy decisions. D、software design decisions.