According to IIA guidance,when performing a compliance audit of data security standards for a large e- commerce retailer, which of the following would represent the least likely area of risk exposure?
A. Operational risks.
B. Change or configuration risks.
C. Access risks.
D. Physical security risks.