A regulatory audit assessed an enterprise`s main transactional application as noncompliant. In addition to fines and required corrections, an agreement was reached to implement a set of governance controls over IT. Accountability for these controls is BEST assigned to which of the following? 

Answer options:

A. Internal audit director
B. CIO
C. The board of directors
D. Application users

A