An internal audit has found that critical patches were not implemented within the timeline established by policy without a valid reason. Which of the following is the BEST course of action to address the audit findings? 

Answer options:

A. Monitor and notify IT staff of critical patches.
B. Evaluate patch management training.
C. Perform regular audits on the implementation of critical patches.
D. Assess the patch management process.

B