Certified Information Systems Auditor (CISA) — Question 412

An IS auditor is reviewing an origination’s release management practices and observes inconsistent and inaccurate estimation of the size and complexity of business application development projects. Which of the following should the auditor recommend to address this issue?

Answer options

• A. Agile development approach
• B. Critical path methodology
• C. Rapid application development
• D. Function point analysis

Correct answer: D

Explanation

Function point analysis is a standardized method for measuring the size and complexity of software, making it ideal for accurate project estimation. The other options focus on development methodologies or project management techniques but do not specifically address the measurement of application size and complexity.