Certified in Risk and Information Systems Control (CRISC) — Question 1019

As part of software development projects, risk assessments are MOST effective when performed:

Answer options

• A. throughout the system development life cycle (SDLC).
• B. before the decision is made to develop or acquire the software.
• C. during system deployment and maintenance.
• D. before developing the project charter for the software.

Correct answer: A

Explanation

The correct answer is A because risk assessments are most beneficial when integrated throughout the entire SDLC, allowing for ongoing identification and management of risks. Option B suggests assessing risks only before development, which may overlook ongoing risks that arise during the SDLC. Options C and D also limit risk assessments to specific phases, missing the continuous nature of effective risk management.