You are an information system auditor of HDA Inc., and you are auditing a financial application. During the audit, it has been discovered that many terminated users' accounts were not disabled. What should be your next step as an IS auditor in this situation?