During an implementation review of a multiuser distributed application, an IS auditor finds minor weaknesses in three areas-the initial setting of parameters is improperly installed, weak passwords are being used and some vital reports are not being checked properly. While preparing the audit report, the IS auditor should:
A. record the observations separately with the impact of each of them marked against each respective finding
B. advise the manager of probable risks without recording the observations, as the control weaknesses are minor ones
C. record the observations and the risk arising from the collective weaknesses
D. apprise the departmental heads concerned with each observation and properly document it in the report