Describe a time you identified a critical vulnerability during a system assessment. How did you document and report the risk?