Which of the following should an IS auditor expect to find when reviewing IT security policy?

A. Assigned responsibility for safeguarding company assets
B. A risk-based classification of systems
C. An inventory of information assets
D. Virus protection implementation strategies