Comprehensive and Detailed Step-by-Step Explanation:
A strong QA function requires an independent review of changes to avoid bias and ensure objectivity.
Option A (Correct): If developers review their own changes, there is a high risk of bias and overlooking issues, making this the greatest concern. This violates separation of duties and best practices for quality assurance.
Option B (Incorrect): Peer reviews within the same team reduce risk since fresh eyes review the changes, though it is not as strong as an external review.
Option C (Incorrect): Having developers from a separate team review the code provides better objectivity and reduces risks associated with self-review.
Option D (Incorrect): While non-developers may lack technical expertise, their review ensures independence, making it a stronger control than self-review.
[Reference: ISACA CISA Review Manual – Domain 3: Information Systems Acquisition, Development, and Implementation – Covers quality assurance, code reviews, and segregation of duties.]