An IS auditor invited to a development project meeting notes that no project risks have been documented. When the IS auditor raises this issue, the project manager responds that it is too early to identify risks and that, if risks do start impacting the project, a risk manager will be hired. The appropriate response of the IS auditor would be to:
A. stress the importance of spending time at this point in the project to consider and document risks, and to develop contingency plans
B. accept the project manager's position as the project manager is accountable for the outcome of the project
C. offer to work with the risk manager when one is appointed
D. inform the project manager that the IS auditor will conduct a review of the risks at the completion of the requirements definition phase of the project