nerdexam
(ISC)2

CISSP · Question #1187

When auditing the Software Development Life Cycle (SDLC) which of the following is one of the high-level audit phases?

The correct answer is D. Planning. Auditing the SDLC follows its own structured audit lifecycle, which begins with Planning as a high-level phase distinct from SDLC development phases like Requirements.

Submitted by rania.sa· Mar 5, 2026Security Assessment and Testing

Question

When auditing the Software Development Life Cycle (SDLC) which of the following is one of the high-level audit phases?

Options

  • ARequirements
  • BRisk assessment
  • CDue diligence
  • DPlanning

How the community answered

(45 responses)
  • A
    2% (1)
  • C
    4% (2)
  • D
    93% (42)

Why each option

Auditing the SDLC follows its own structured audit lifecycle, which begins with Planning as a high-level phase distinct from SDLC development phases like Requirements.

ARequirements

Requirements is a phase of the SDLC development process itself (what developers and stakeholders do), not a high-level phase of the audit of the SDLC.

BRisk assessment

Risk assessment is a component or activity that may occur within an audit phase, but it is not itself one of the high-level audit phases in the SDLC audit lifecycle.

CDue diligence

Due diligence is a concept related to investigative research or vendor/acquisition reviews, not a formally recognized high-level phase in an SDLC audit framework.

DPlanningCorrect

Planning is a recognized high-level phase of an SDLC audit engagement, where the auditor defines the audit scope, objectives, resources, and approach before fieldwork begins. This is consistent with audit frameworks such as ISACA's IT audit methodology, which identifies Planning as the foundational phase that precedes evidence gathering and evaluation. It is distinct from the SDLC's own development phases and represents the auditor's preparatory work.

Concept tested: High-level phases of an SDLC audit

Source: https://www.isaca.org/resources/isaca-journal/issues/2016/volume-6/auditing-the-software-development-life-cycle

Topics

#SDLC audit#audit phases#planning

Community Discussion

No community discussion yet for this question.

Full CISSP Practice