An IS auditor was hired to review e-business security. The IS auditor's first task was to examine each existing e-business application looking for vulnerabilities. What would be the next task?
A、Report the risks to the CIO and CEO immediately
B、Examine e-business application in development
C、Identify threats and likelihood of occurrence
D、Check the budget available for risk management