CISA Question #407: Real Exam Question with Answer & Explanation

Sign in or unlock CISA to reveal the answer and full explanation for question #407. The question stem and answer options stay visible for context.

Submitted by omar99· Apr 18, 2026Information Systems Acquisition, Development, and Implementation

Question

An IS auditor discovers that an organization lacks a formal requirements validation process before software development starts. Which of the following is the PRIMARY risk associated with this deficiency?

Options

ACompromised quality control efforts, resulting in more defects in the final product
BIncreased likelihood of scope creep, leading to project delays and cost overruns
CDifficulty of effective resource allocation by project managers, impacting availability of staff
DReduced communications between developers and stakeholders, resulting in slower adoption

Unlock CISA to see the answer

You've previewed enough free CISA questions. Unlock CISA for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.

Unlock CISA - $49.99 / 30 days Sign in

Topics

#Requirements Validation#Software Development Risks#Scope Creep#SDLC Controls

Full CISA Practice Browse All CISA Questions