By evaluating application development projects against the capability maturity model (CMM), an IS auditor
should be able to verify that:

A.
reliable products are guaranteed.

B.
programmers’ efficiency is improved.

C.
security requirements are designed.

D.
predictable software processes are followed.

Explanation:
By evaluating the organization’s development projects against the CMM, an IS auditor determines whether the
development organization follows a stable, predictable software process. Although the likelihood of success
should increase as the software processes mature toward the optimizing level, mature processes do not
guarantee a reliable product. CMM does not evaluate technical processes such as programming nor does it
evaluate security requirements or other application controls.