Rather than decommission an entire legacy application, an organization's IT department has chosen to replace specific modules while maintaining those still relevant.
Which of the following artifacts is MOST important for an IS auditor to review?
Click on the arrows to vote for the correct answer
A. B. C. D.D.
The correct answer is D. Future state architecture and requirements.
Explanation:
When an organization chooses to replace specific modules of a legacy application instead of decommissioning the entire application, the IS auditor should focus on the future state architecture and requirements to ensure that the organization's goals are met. The IS auditor should review the plans for the replacement modules, their integration with the existing modules, and the impact of the replacement on the overall system.
Reviewing the IT service management catalog and service level requirements (option A) would be important if the organization was planning to outsource the replacement of the modules, but this option does not address the internal changes made by the IT department.
Security requirements for legacy data masking and data destruction (option B) would be important if the organization planned to decommission the entire legacy application. Since the organization is only replacing certain modules, this option is not as relevant.
Applicable licensing agreements for the application (option C) would be important if the organization was planning to purchase a new application, but this option does not address the internal changes made by the IT department.
In summary, the IS auditor should focus on the future state architecture and requirements to ensure that the organization's goals are met when specific modules of a legacy application are being replaced.