Certified Information Systems Auditor (CISA) — Question 520

During the post-implementation review of an application that was implemented six months ago, which of the following would be MOST helpful in determining whether the application meets business requirements?

Answer options

• A. Project closure report and lessons-learned documents from the project management office (PMO)
• B. User acceptance testing (UAT) results and sign-off from users on meeting business requirements
• C. Difference between approved budget and actual project expenditures determined post implementation
• D. Comparison between expected benefits from the business case and actual benefits after implementation

Correct answer: D

Explanation

The correct answer is D because comparing the expected benefits with the actual outcomes directly measures the application's effectiveness in meeting business objectives. Options A and B, while useful, do not provide a definitive metric of success relative to business requirements. Option C focuses on financial performance rather than the application's alignment with business goals.