An IS auditor invited to a development project meeting notes that no project risks have been
documented. When the IS auditor raises this issue, the project manager responds that it is too
early to identify risks and that, if risks do start impacting the project, a risk manager will be hired.
The appropriate response of the IS auditor would be to:
Which of the following would present the GREATEST risk to information security?
While evaluating software development practices in an organization, an IS auditor notes that the
quality assurance (QA) function reports to project management. The MOST important concern for
an IS auditor is the:
The PRIMARY reason for using metrics to evaluate information security is to:
When reviewing a project where quality is a major concern, an IS auditor should use the project
management triangle to explain that:
What is the BEST method to confirm that all firewall rules and router configuration settings are
adequate?
An IS auditor is assigned to audit a software development project which is more than 80 percent
complete, but has already overrun time by 10 percent and costs by 25 percent. Which of the
following actions should the IS auditor take?
Which of the following is MOST important for measuring the effectiveness of a security awareness
program?
When reviewing an active project, an IS auditor observed that, because of a reduction in
anticipated benefits and increased costs, the business case was no longer valid. The IS auditor
should recommend that the:
Which of the following should an IS auditor review to understand project progress in terms of time,
budget and deliverables for early detection of possible overruns and for projecting estimates at
completion (EACs)?