While evaluating software development practices in an organization, an IS auditor notes that the
quality assurance (QA) function reports to project management. The MOST important concern for
an IS auditor is the:

An IS auditor invited to a development project meeting notes that no project risks have been
documented. When the IS auditor raises this issue, the project manager responds that it is too early
to identify risks and that, if risks do start impactingthe project, a risk manager will be hired. The
appropriate response of the IS auditor would be to:

An IS auditor has been asked to participate in project initiation meetings for a critical project. The
IS auditor’s MAIN concern should be that the:

At the completion of a system development project, a postproject review should include which of
the following?

When identifying an earlier project completion time, which is to be obtained by paying a premium
for early completion, the activities that should be selected are those:

To minimize the cost of a software project, quality management techniques should be applied:

Which of the following should an IS auditor review to gain an understanding of the effectiveness of
controls over the management of multiple projects?

Which of the following is a characteristic of timebox management?

When planning to add personnel to tasks imposing time constraints on the duration of a project,

which of the following should be revalidated FIRST?

An IS auditor finds that a system under development has 12 linked modules and each item of data
can carry up to 10 definable attribute fields. The system handles several million transactions a year.
Which of these techniques could an IS auditor use to estimate the size of the development effort?