Certified Information Systems Auditor (CISA) — Question 476

In a typical system development life cycle (SDLC), which group is PRIMARILY responsible for confirming compliance with requirements?

Answer options

• A. Steering committee
• B. Risk management
• C. Quality assurance (QA)
• D. Internal audit

Correct answer: C

Explanation

The correct answer is C, Quality assurance (QA), as this team is specifically tasked with verifying that the system meets all specified requirements. The other options, while involved in various aspects of the project, do not have the primary focus on compliance with requirements as QA does.