Which of the following is the MOST important factor when determining the frequency of information security risk reassessment?

A. Audit findings
B. Risk priority
C. Mitigating controls
D. Risk metrics