CISA Certified Information Systems Auditor – Question0378

An organization is considering the implementation of a business application. The IS auditor should FIRST ensure that:

A.
user requirements are used to select the vendor.
B. an approved business case is in place.
C. users are represented on the project management team.
D. security requirements are specified.

Correct Answer: D