You are an information system auditor of HDA Inc. You are currently conducting an audit and have come across a situation where it is revealed that not all security tests were conducted for a recently launched online sales system that has been put into production. In this particular scenario, what would be the most advisable and effective course of action for the auditor to take?