To BEST determine if a project is successfully addressing business requirements while managing the associated risk, which of the following should an IS auditor expect to find at each significant milestone?
The correct answer is B. Formal acceptance by appropriate stakeholders.
An IS auditor's role is to ensure that projects are completed successfully while addressing business requirements and managing associated risks. To achieve this, the IS auditor should expect to find formal acceptance by appropriate stakeholders at each significant milestone.
Formal acceptance by appropriate stakeholders ensures that the project is progressing according to plan and meeting business requirements. Stakeholders are individuals or groups who have a vested interest in the project's success, such as project sponsors, business owners, and end-users. They have a unique perspective on the project and can provide valuable feedback that can help ensure its success.
At each significant milestone, the IS auditor should expect to find formal acceptance by appropriate stakeholders, which indicates that stakeholders have reviewed the project's progress and agree that it is meeting business requirements while managing associated risks. Formal acceptance typically involves signing off on project deliverables, such as requirements documents, design documents, and testing plans.
Comprehensive end-user acceptance testing (A) is an important component of project success, but it is not sufficient to determine if a project is successfully addressing business requirements while managing associated risks. End-user acceptance testing should be performed throughout the project to ensure that the final product meets end-users' needs.
A revised business impact and risk analysis (C) is necessary when significant changes occur during the project that may impact the business's risk posture. However, it is not necessary at each significant milestone, as long as the project is progressing according to plan and meeting business requirements.
Post-implementation review with affected parties (D) is necessary to assess the project's success after it has been deployed. However, it is not sufficient to determine if a project is successfully addressing business requirements while managing associated risks during the project's development phase.