CISA Question #221: Real Exam Question with Answer & Explanation

The correct answer is D: Comparing planned versus actual return on investment (ROI). Comparing planned versus actual ROI directly measures whether an IT project delivered the financial and business value it promised, making it the most direct method for evaluating benefits realized. SDLC process reviews (A) assess how a project was built, not whether it delivered

Submitted by weili_xi· Apr 18, 2026Governance and Management of IT

Question

Which of the following is MOST helpful for evaluating benefits realized by IT projects?

Options

AReviewing system development life cycle (SDLC) processes
BEvaluating compliance with key security controls
CBenchmarking IT project management practices with industry peers
DComparing planned versus actual return on investment (ROI)

Explanation

Comparing planned versus actual ROI directly measures whether an IT project delivered the financial and business value it promised, making it the most direct method for evaluating benefits realized. SDLC process reviews (A) assess how a project was built, not whether it delivered value post-implementation. Security control compliance (B) measures risk posture, not business outcomes. Benchmarking against peers (C) evaluates process maturity and relative performance, but tells you nothing about whether this specific project met its own benefit targets.

Memory tip: "Benefits realized" = outcomes vs. expectations. ROI is the only choice that compares what was delivered against what was promised - all other options measure process quality or compliance, not outcomes.

Topics

#Project evaluation#Benefits realization#Return on Investment (ROI)#Post-implementation review

Community Discussion

No community discussion yet for this question.

Full CISA Practice Browse All CISA Questions