What would the IS auditor most likely to do under these circumstances?
When reviewing a application development project, an IS auditor finds that the project team is skipping the validation and verification processes to meet the project deadlines.
A. Report the risks associated with such process to IT Strategy Committee. B. Report the risks associated with such process to IT Steering Committee. C. Report the risks associated with such process to board. D. Report the risks associated with such process to project team.
Option B is correct - Report the risk associated with such process to IT steering committee.
If the IS auditor notice that the projectteam is skipping the validation and verification process to meet up with deadline, the risk of such cases should be reported to the IT steering committee.
Quality processes should be carried out on each project and not be ignored in order to prevent the risk of errors.
As stated below, a fast tracking method is acceptable in the case where the project team is trying to meet up with the project deadlines. Again, it is important to report that the risk of skipping validation and verification to the IT steering committee.
D report the risks associated with such process to projectteam.
It is important that quality processes are appropriate to individual projects. Attempts to apply inappropriate processes will often find their abandonment under pressure. A fast-tracking process is an acceptable option under certain circumstances. However, it is important that the project steering committee is informed of the risks associated with this (i.e., possibility of rework if changes are required).