A new system has been developed that does not comply with password-aging rules. This noncompliance c

A new system has been developed that does not comply with password-aging rules. This noncompliance can BEST be identified through:

A. a business impact analysis

B. an internal audit assessment

C. an incident management process

D. a progressive series of warnings