When auditing a quality assurance plan, an IS auditor should be MOST concerned if the:
Click on the arrows to vote for the correct answer
A. B. C. D.D.
The correct answer is D. The IS auditor should be most concerned if the scope of quality assurance activities is undefined when auditing a quality assurance plan.
Explanation:
A quality assurance plan is a set of procedures and processes designed to ensure that products or services meet specific quality requirements. The purpose of quality assurance is to identify defects and prevent errors or defects from occurring. The IS auditor is responsible for ensuring that the quality assurance plan is effective, efficient, and relevant to the organization's goals and objectives.
Option A: Quality assurance function is separate from the programming function. This is not a concern as separation of duties is a common practice in IT organizations to prevent conflicts of interest and ensure objectivity.
Option B: SDLC is coupled with the quality assurance plan. This is not a concern as quality assurance should be an integral part of the SDLC to ensure that the products or services are meeting the required quality standards.
Option C: Quality assurance function is periodically reviewed by internal audit. This is a good practice as it ensures that the quality assurance plan is effective and efficient. However, this option does not indicate any specific concern for the IS auditor.
Option D: Scope of quality assurance activities is undefined. This is a major concern for the IS auditor as it indicates that there are no clear objectives or guidelines for the quality assurance plan. Without clear objectives, the quality assurance plan may not effectively address the organization's needs, resulting in poor quality products or services. The IS auditor should ensure that the scope of quality assurance activities is well-defined, and the plan is aligned with the organization's goals and objectives.