After performing a gap analysis of IT risks and controls capability, the MOST important consideration for the associated risk responses is that they are: 

Answer options:

A. added to the IT balanced scorecard.
B. approved by executive management.
C. assessed for severity of impact.
D. submitted to the audit committee.

C