By evaluating application development projects against the capability maturity model (CMM), an IS
auditor should be able to verify that:
A.
reliable products are guaranteed.
B.
programmers’ efficiency is improved.
C.
security requirements are designed.
D.
predictable software processes are followed.
Explanation:
By evaluating the organization’s development projects against the CMM, an IS auditor determines
whether the development organization follows a stable, predictable software process. Although the
likelihood of success should increase as the software processes mature toward the optimizing
level, mature processes do not guarantee a reliable product. CMM does not evaluate technical
processes such as programming nor does it evaluate security requirements or other application
controls.