An IS auditor was hired to review e-business security. The IS auditor's first task was to examine each existing e-business application looking for vulnerabilities. What would be the next task? 
A、Report the risks to the CIO and CEO immediately 
B、Examine e-business application in development 
C、Identify threats and likelihood of occurrence 
D、Check the budget available for risk management