Isaca Updated CISA Exam Questions and Answers by andrei

A post-implementation review (PIR) is an assessment conducted at the end of a project cycle to determine if the project was indeed successful and to identify any existing flaws in the project1. One of the main objectives of a PIR isto evaluate the outcome and functional value of a project1. Therefore, an IS auditor should be most concerned with whether the system meets the intended requirements and delivers the expected benefits to the stakeholders. A system that does not have a maintenance plan is a major risk, as it may not be able to cope with changing needs, fix errors, or prevent security breaches. A maintenance planis essential for ensuring the system’s reliability, availability, and performance in the long term2.

The other options are less critical for a PIR, as they are more related to the project management aspects than the system quality aspects. The system may contain several minor defects that do not affect its functionality or usability, and these can be resolved in future updates. The system deployment may be delayed by three weeks due to unforeseen circumstances or dependencies, but this does not necessarily mean that the system is faulty or ineffective. The system may be over budget by 15% due to various factors such as scope creep, resource constraints, or market fluctuations, but this does not imply that the system is not valuable or beneficial.

The most helpful thing for an IS auditor to review when evaluating an organization’s business processes that are supported by applications and IT systems is the enterprise architecture (EA). EA is the practice of designing a business with a holistic view, considering all of its parts and how they interact. EA defines the overall goals, the strategies that support those goals, and the tactics that are needed to execute those strategies. EA also outlines the ways various components of IT projects interact with one another and with the business processes. By reviewing the EA, an IS auditor can gain a comprehensive understanding of how the organization aligns its IT efforts with its overall mission, business strategy, and priorities. An IS auditor can also assess the effectiveness, efficiency, agility, and continuity of complex business operations.

The other options are not as helpful as option B. A configuration management database (CMDB) is a database that stores and manages information about the components that make up an IT system. A CMDB tracks individual configuration items (CIs), such as hardware, software, or data assets, and their attributes, dependencies, and changes over time. A CMDB can help an IS auditor to monitor the performance, availability, and configuration of IT assets, but it does not provide a holistic view of how they support the business processes. IT portfolio management is the practice of managing IT investments, projects, and activities as a portfolio. IT portfolio management aims to optimize the value, risk, and cost of IT initiatives and align them with the business objectives. IT portfolio management can help an IS auditor to evaluate the return on IT investments and the alignment of IT projects with the business strategy, but it does not provide a detailed view of how they support the business processes. IT service management (ITSM) is the practice of planning, implementing, managing, and optimizing IT services to meet the needs of end users and customers. ITSM focuses on delivering IT as a service using standardized processes and best practices. ITSM can help an IS auditor to review the quality, efficiency, and effectiveness of IT service delivery and support, but it does not provide a comprehensive view of how they support the business processes. References: What is enterprise architecture (EA)? - RingCentral, What is a configuration management database (CMDB)? - Red Hat, IT Portfolio Management Strategies | Smartsheet, What is IT service management (ITSM)? | IBM

 A configuration management system is a process that establishes and maintains the consistency of a product’s attributes throughout its life cycle. It helps to identify and control the functional and physical characteristics of a product, and to record and report any changes to those characteristics. A configuration management system also supports the audit of the product to verify its conformance to requirements.

One of the key activities of a configuration management system is to define baselines for software. A baseline is a fixed reference point that serves as a basis for comparison and measurement. A baseline can be established for any configuration item, such as a requirement, a design document, a test plan, or a software component. A baseline helps to ensure that the software product meets its intended purpose and quality standards, and that any changes to the software are controlled and documented.

A configuration management system also supports other activities, such as tracking software updates, supporting the release procedure, and standardizing change approval, but these are not its primary purpose. Therefore, the other options are incorrect.