Certified Information Systems Auditor (CISA) — Question 551
Which of the following would BEST manage the risk of changes in requirements after the analysis phase of a business application development project?
Answer options
- A. Sign-off from the IT team
- B. Quality assurance (QA) review
- C. Ongoing participation by relevant stakeholders
- D. Expected deliverables meeting project deadlines
Correct answer: C
Explanation
Ongoing participation by relevant stakeholders allows for real-time feedback and adjustments to requirements, minimizing the impact of changes. In contrast, sign-off from the IT team does not ensure ongoing communication, a QA review is more focused on final product quality rather than requirement changes, and meeting project deadlines does not address the adaptability needed for evolving requirements.