An IS auditor has identified the lack of an authorization process for users of an application. The IS auditor's main concern should be that:
A、more than one individual can claim to be a specific user.
B、there is no way to limit the functions assigned to users.
C、user accounts can be shared.
D、users have a need-to-know privilege.