Certified Information Systems Auditor (CISA) — Question 1060

During the evaluation of controls for a major application development project, the MOST effective use of an IS auditor's time would be to review and evaluate:

Answer options

• A. requirements documentation.
• B. acceptance testing.
• C. project plans.
• D. cost-benefit analysis.

Correct answer: A

Explanation

Reviewing requirements documentation is crucial as it sets the foundation for the entire project and ensures that all necessary controls are included from the start. While acceptance testing, project plans, and cost-benefit analysis are important, they come later in the development process and do not directly influence control effectiveness as early requirements do.