An organization has recently hired a large number of part-time employees. During the annual audit, it was discovered that many user IDs and passwords were documented in procedure manuals for use by the part-time employees. This situation would be considered:

A. a risk
B. an incident
C. a threat
D. a vulnerability