CISA Certified Information Systems Auditor – Question2821 - CISA Certified Information Systems Auditor

At the completion of a system development project, a post project review should include which of the following?

A. Assessing risks that may lead to downtime after the production release
B. Identifying lessons learned that may be applicable to future projects
C. Verifying the controls in the delivered system are working
D. Ensuring that test data are deleted

Correct Answer: B

Explanation:

Explanation:
A project team has something to learn from each and every project. As risk assessment is a key issue for project management, it is important for the organization to accumulate lessons learned and integrate them into future projects. An assessment of potential downtime should be made with the operations group and other specialists before implementing a system. Verifying that controls are working should be covered during the acceptance test phase and possibly, again, in the post implementation review. Test data should be retained for future regression testing.