Certified Information Systems Auditor (CISA) — Question 157

In a review of the organization standards and guidelines for IT management, which of the following should be included in an IS development methodology?

Answer options

• A. Risk management techniques
• B. Access control rules
• C. Value-added activity analysis
• D. Incident management techniques

Correct answer: A

Explanation

Risk management techniques are essential in an IS development methodology as they help identify, assess, and mitigate risks throughout the project lifecycle. While access control rules, value-added activity analysis, and incident management techniques are important components of IT management, they do not specifically address the overarching need to manage risks within the development process.