Certified Information Systems Auditor (CISA) — Question 730

An IS auditor should look for which of the following to ensure the risk associated with scope creep has been mitigated during software development?

Answer options

• A. Source code version control
• B. Project change management controls
• C. Existence of an architecture review board
• D. Configuration management

Correct answer: B

Explanation

The correct answer is B, as effective project change management controls help manage and document changes to project scope, thereby mitigating risks associated with scope creep. The other options, while important for various aspects of software development, do not specifically address the management of changes to the project scope.