Certified Information Systems Auditor (CISA) — Question 1046

An IS auditor is performing a project review and finds that scope reductions have been made without proper authorization. The IS auditor should be MOST concerned that:

Answer options

• A. there could be significant delays in project completion.
• B. the project has not followed project management standards.
• C. project costs could increase above the original project budget.
• D. anticipated business functionality may not be delivered.

Correct answer: D

Explanation

The correct answer is D because unauthorized scope changes can lead to the omission of critical features that are necessary for business functionality. While delays (A), budget increases (C), and adherence to standards (B) are also important, the immediate risk is that the project's objectives may not be fully met, impacting business operations.