CISA Certified Information Systems Auditor – Question2810

Which of the following risks could result from inadequate software baselining?

A.
Scope creep
B. Sign-off delays
C. Software integrity violations
D. inadequate controls

Correct Answer: A

Explanation:

Explanation:
A software baseline is the cut-off point in the design and development of a system beyond which additional requirements or modifications to the design do not or cannot occur without undergoing formal strict procedures for approval based on a business costbenefit analysis. Failure to adequately manage the requirements of a system through baselining can result in a number of risks. Foremost among these risks is scope creep, the process through which requirements change during development. Choices, C and D may not always result, but choice A is inevitable.