After obtaining an understanding of the entity's internal control and assessing control risk, an auditor of a non-public company decided not to perform additional tests of controls. The auditor most likely concluded that the:
a) Internal controls are ineffective
b) Risk of material misstatement is low
c) Risk of fraud is high
d) Client's financial statements are accurate