In an organization with a mature risk management program, which of the following would provide the BEST evidence that the IT risk profile is up to date?

A. Risk questionnaire
B. Risk register
C. Compliance manual
D. Management assertion