During the evaluation of controls over a major application development project, the MOST effective use of an IS auditor's time would be to review and evaluate:
During the evaluation of controls over a major application development project, the MOST effective use of an IS auditor's time would be to review and evaluate:
The most effective use of an IS auditor's time during the evaluation of controls over a major application development project would be to review and evaluate project plans. Project plans provide a comprehensive view of the project, including objectives, timelines, resource allocations, and risk management practices. By examining project plans, an IS auditor can better understand the project's governance, assess whether appropriate controls have been integrated throughout the lifecycle, and identify any potential gaps or deficiencies in the control structure.
Reviewing and evaluating project plans is the most effective use of an IS auditor's time when assessing controls over a major application development project. Project plans outline the overall strategy, objectives, timelines, resources, and milestones of the project. By examining project plans, the auditor can gain insight into the project's governance structure, risk management practices, and control mechanisms.
Its about evaluating controls not the project health. So the correct answer is C
D. project plans.
From my perspective project plans give the most overall picture of the application
the evaluation of controls is application test cases.
D: Reviewing and evaluating project plans allows the IS auditor to assess the overall structure and organization of the application development project. It provides insights into the project's scope, objectives, timeline, resource allocation, and management approach. By examining the project plans, the IS auditor can identify potential risks, gaps, or deficiencies in project management practices that could impact the success of the project
the evaluation of controls is application test cases.
Is that answer "C"? I thought Project Plans summarize overall strategy.
it is talking about time efficiency, just like audit plan, it should be D-project plan
Any A? The question is about evaluation of controls that would be used to audit the system and not an evaluation of the system being developed. So in essence, adequacy of the controls.
i will go with c , as project plan is IT Steering Committee Responsibility
The answer sould be C.
test cases have the most relevant information about controls
Answer: C
a & d are not related to evaluation of controls. c is a subset of b, so in order to accurately evulate controls you need to look at acceptance testing
also b should be happening at the end so you have a full idea of what all the controls are to even test
The project plan shows the overall progress, resource allocation, risk management, etc., and provides important information for judging the effectiveness of controls. Although application test cases are also important, the evaluation of the project plan is more effective in understanding the progress and control of the entire project.