Certified Information Systems Auditor (CISA) — Question 358

Which of the following controls associated with software development would be classified as a preventive control to address scope creep?

Answer options

• A. Iteration retrospective
• B. System demo
• C. Iteration review
• D. Backlog grooming

Correct answer: D

Explanation

Backlog grooming is a preventive control because it involves regularly updating and prioritizing the backlog to ensure that only necessary features are included, thereby preventing scope creep. The other options, such as iteration retrospective, system demo, and iteration review, are more focused on reflection and evaluation rather than actively preventing changes to scope.