When developing a risk-based audit strategy, an IS auditor should conduct a risk assessment to ensure that:
A、controls needed to mitigate risks are in place.
B、vulnerabilities and threats are identified.
C、audit risks are considered.
D、a gap analysis is appropriate.