Certified Information Systems Auditor (CISA) — Question 1056

At which stage of the system development life cycle (SDLC) is it MOST beneficial to perform a risk assessment?

Answer options

• A. Prior to system development
• B. At each stage of the life cycle
• C. During business case development
• D. Prior to system deployment

Correct answer: A

Explanation

Performing a risk assessment prior to system development allows for identifying potential risks early, which can lead to better planning and mitigation strategies. Conducting assessments at each stage, while beneficial, may not be as effective as addressing risks upfront. Evaluating risks during business case development or prior to deployment may miss critical issues that could have been resolved earlier.