What should an IS auditor be able to verify by evaluating application development projects against the capability maturity model (CMM)?

D. predictable software processes are followed.

By evaluating the organizations development projects against the CMM, the IS auditor determines whether the development organization follows a stable, predictable software process. Although the likelihood of success should increase as the software processes mature toward the optimizing level, mature processes do not guarantee a reliable product. CMM does not evaluate technical processes such as programming nor does it evaluate security requirements or other application controls.