CISA Certified Information Systems Auditor – Question0404

In an IS auditor's review of an organization's configuration management practices for software, which of the following is MOST important?

A.
Service level agreements (SLAs) between the IT function and users
B. Post-implementation review reports from development efforts
C. Organizational policies related to release management
D. Software rental contracts or lease agreements

Correct Answer: C