Which of the following is the MOST significant risk an IS auditor should consider when reviewing a credit card company’s application system?

A. Data privacy
B. Processing times
C. System availability
D. Credit ratings