Certified Information Systems Auditor (CISA) — Question 1101

An IS auditor is reviewing an organization’s system development life cycle (SDLC). Which of the following MUST be included in the review?

Answer options

• A. Ownership of the system quality management plan
• B. Utilization of standards in the system development processes and procedures
• C. Validation that system development processes adhere to quality standards
• D. Definition of quality attributes to be associated with the system

Correct answer: B

Explanation

Option B is correct because adhering to established standards is crucial in system development processes to ensure consistency and quality. Options A, C, and D, while important, do not directly address the necessity of utilizing standards in the development processes, which is fundamental to ensure compliance and effectiveness.