A review of an organization’s controls has determined its data loss prevention (DLP) system is currently failing to detect outgoing emails containing credit card data. Which of the following would be MOST impacted?

A. Risk appetite
B. Residual risk
C. Key risk indicators (KRIs)
D. Inherent risk