The PRIMARY objective of an audit of IT security policies is to ensure that:
A、they are distributed and available to all staff.
B、security and control policies support business and IT objectives.
C、there is a published organizational chart with functional descriptions.
D、duties are appropriately segregated.