During an audit of the logical access control of an ERP financial system an IS auditor found some user accounts shared by multiple individuals. The user IDs were based on roles rather than individual identities. These accounts allow access to financial transactions on the ERP. What should the IS auditor do next?
A、Look for compensating controls.
B、Review financial transactions logs.
C、Review the scope of the audit.
D、Ask the administrator to disable these accounts.