The PRIMARY objective of an audit of IT security policies is to ensure that: 
A、they are distributed and available to all staff. 
B、security and control policies support business and IT objectives. 
C、there is a published organizational chart with functional descriptions. 
D、duties are appropriately segregated.