CISSP · Question #1187
When auditing the Software Development Life Cycle (SDLC) which of the following is one of the high-level audit phases?
The correct answer is D. Planning. Auditing the SDLC follows its own structured audit lifecycle, which begins with Planning as a high-level phase distinct from SDLC development phases like Requirements.
Question
When auditing the Software Development Life Cycle (SDLC) which of the following is one of the high-level audit phases?
Options
- ARequirements
- BRisk assessment
- CDue diligence
- DPlanning
How the community answered
(45 responses)- A2% (1)
- C4% (2)
- D93% (42)
Why each option
Auditing the SDLC follows its own structured audit lifecycle, which begins with Planning as a high-level phase distinct from SDLC development phases like Requirements.
Requirements is a phase of the SDLC development process itself (what developers and stakeholders do), not a high-level phase of the audit of the SDLC.
Risk assessment is a component or activity that may occur within an audit phase, but it is not itself one of the high-level audit phases in the SDLC audit lifecycle.
Due diligence is a concept related to investigative research or vendor/acquisition reviews, not a formally recognized high-level phase in an SDLC audit framework.
Planning is a recognized high-level phase of an SDLC audit engagement, where the auditor defines the audit scope, objectives, resources, and approach before fieldwork begins. This is consistent with audit frameworks such as ISACA's IT audit methodology, which identifies Planning as the foundational phase that precedes evidence gathering and evaluation. It is distinct from the SDLC's own development phases and represents the auditor's preparatory work.
Concept tested: High-level phases of an SDLC audit
Source: https://www.isaca.org/resources/isaca-journal/issues/2016/volume-6/auditing-the-software-development-life-cycle
Topics
Community Discussion
No community discussion yet for this question.