While evaluating software development practices in an organization, an IS auditor notes that the quality
assurance (QA) function reports to project management. The MOST important concern for an IS auditor is the:

An IS auditor invited to a development project meeting notes that no project risks have been documented.
When the IS auditor raises this issue, the project manager responds that it is too early to identify risks and that,
if risks do start impactingthe project, a risk manager will be hired. The appropriate response of the IS auditor
would be to:

An IS auditor has been asked to participate in project initiation meetings for a critical project. The IS auditor’s
MAIN concern should be that the:

At the completion of a system development project, a postproject review should include which of the following?

When identifying an earlier project completion time, which is to be obtained by paying a premium for early
completion, the activities that should be selected are those:

To minimize the cost of a software project, quality management techniques should be applied:

Which of the following should an IS auditor review to gain an understanding of the effectiveness of controls
over the management of multiple projects?

Which of the following is a characteristic of timebox management?

When planning to add personnel to tasks imposing time constraints on the duration of a project, which of the
following should be revalidated FIRST?

An IS auditor finds that a system under development has 12 linked modules and each item of data can carry up
to 10 definable attribute fields. The system handles several million transactions a year. Which of these
techniques could an IS auditor use to estimate the size of the development effort?