During a project meeting for the implementation of an enterprise resource planning (ERP). a new requirement is requested by the finance department. Which of the following would BEST indicate to an IS auditor that the resulting risk to the project has been assessed?
The analysis of the cost and time impact of the requirement would best indicate that the resulting risk to the project has been assessed. Assessing risks involves understanding the potential impact on project constraints, such as cost and time. By analyzing these factors, an IS auditor can see that a thorough evaluation of the risks stemming from the new requirement has been undertaken.
They are referring to the risk to the project - scope creep will always result in additional cost and delay in implementation. This directly translate to the risk to the project, which is what the question asked for
B is for risk analysis
While updating business requirements (option C) is also important for ensuring that project deliverables align with stakeholder expectations, it may not directly indicate whether the resulting risk to the project has been assessed. Assessing the cost and time impact of the requirement provides a more concrete indication of risk assessment in terms of project constraints and resource allocation.
C. The updated business requirements
C - is the answer
C is the right answer. The updated business requirements.
C - is the answer