Certified Information Systems Auditor (CISA) — Question 204
Which of the following should be of GREATEST concern to an IS auditor reviewing a system software development project based on agile practices?
Answer options
- A. Lack of change management documentation
- B. Lack of user acceptance testing (UAT) sign-off
- C. Lack of weekly production releases
- D. Lack of secure coding practices
Correct answer: D
Explanation
The absence of secure coding practices is the most significant concern because it directly affects the security of the system, exposing it to potential vulnerabilities. While the lack of change management documentation and of UAT sign-off are important, they do not pose an immediate risk to the system's security. Weekly production releases are less critical than ensuring that the code is developed securely.