An organization is considering the implementation of a business application. The IS auditor should FIRST ensure that:
A. user requirements are used to select the vendor.
B. an approved business case is in place.
C. users are represented on the project management team.
D. security requirements are specified.
A. user requirements are used to select the vendor.
B. an approved business case is in place.
C. users are represented on the project management team.
D. security requirements are specified.