Exam CISA topic 1 question 13 discussion

Reviewing and evaluating project plans is the most effective use of an IS auditor's time when assessing controls over a major application development project. Project plans outline the overall strategy, objectives, timelines, resources, and milestones of the project. By examining project plans, the auditor can gain insight into the project's governance structure, risk management practices, and control mechanisms.

Acceptance testing is a critical stage in application development that verifies whether the application meets its intended requirements and functions correctly. Reviewing acceptance testing allows the IS auditor to confirm that the final product aligns with user requirements and specifications. This is a key control for ensuring application quality, functionality, and readiness for production, making it the most effective focus for an IS auditor’s time.

C. because "evaluation of controls". while D. for project management

The project plan shows the overall progress, resource allocation, risk management, etc., and provides important information for judging the effectiveness of controls. Although application test cases are also important, the evaluation of the project plan is more effective in understanding the progress and control of the entire project.

a & d are not related to evaluation of controls. c is a subset of b, so in order to accurately evulate controls you need to look at acceptance testing

Answer: C

test cases have the most relevant information about controls

The answer sould be C.

i will go with c , as project plan is IT Steering Committee Responsibility

Any A? The question is about evaluation of controls that would be used to audit the system and not an evaluation of the system being developed. So in essence, adequacy of the controls.

it is talking about time efficiency, just like audit plan, it should be D-project plan

Its about evaluating controls not the project health. So the correct answer is C

D: Reviewing and evaluating project plans allows the IS auditor to assess the overall structure and organization of the application development project. It provides insights into the project's scope, objectives, timeline, resource allocation, and management approach. By examining the project plans, the IS auditor can identify potential risks, gaps, or deficiencies in project management practices that could impact the success of the project

the evaluation of controls is application test cases.

the evaluation of controls is application test cases.

From my perspective project plans give the most overall picture of the application

D. project plans.