During a security audit of IT processes, an IS auditor found that there were no documented security procedures. The IS auditor should:
A��、create the procedures document.
B�����、terminate the audit.
C���、conduct compliance testing.
D����、identify and evaluate existing practices.
