When conducting a risk analysis the audit team begins with identifying threats and potential impacts of those threats of those threats becoming realized. What is the next step? A. Inform executive management of the threats and impacts found in the risk analysis B. Identify and evaluate the existing controls of the organization C. Determine appropriate security controls to mitigate the identified threats and vulnerabilities D. Implement appropriate security controls to protect the organization from the identified threats and vulnerabilities E. A & C F. C & D