Certified Information Systems Auditor (CISA) — Question 1278

Evaluating application development projects against a defined maturity model enables an IS auditor to determine whether:

Answer options

• A. effective security requirements have been designed
• B. the development function’s processes are efficient
• C. the development function follows a robust process
• D. the development project is likely to achieve its objectives

Correct answer: C

Explanation

The correct answer, C, indicates that a maturity model helps in evaluating whether the development function adheres to a strong process, which is essential for ensuring quality and compliance. Options A and B focus on security and efficiency, which are important but not the primary focus of a maturity model. Option D speaks to achieving objectives, but it does not specifically address the robustness of the processes involved.