An IS auditor is reviewing an organization's overall incident response capability following recovery from a cuber security incident. Which of the following findings should be of MOST concern to the auditor?

A、The incident was caused by a known vulnerability with a documented risk acceptance.
B、Risk analysis errors were identified as part of the post-incident review.
C、Logs were only collected as part of the post-incident review.
D、Lessons learned were not documented after the incident.