You are an information system auditor of HDA Inc. You discover during a follow-up audit that certain recommendations were not implemented, and senior management accepted the risks associated with those recommendations. What is the IS auditor's BEST course of action?