An auditor is reviewing the 'System Development Life Cycle' (SDLC). In which phase should security requirements be defined?

Security by Design = Start at the beginning.

What mistakes do candidates make on this CPA question?

Thinking security is added during testing.

Q01A CPA is advising a client who is migrating their legacy on-premise ERP system to a cloud environ...Hard

Q02An auditor is reviewing the Service Level Agreement (SLA) for a client using a public cloud provi...Hard

Q03A company uses an Infrastructure as a Service (IaaS) model. During an IT audit, the auditor disco...Hard

Q04An organization is implementing the COSO Enterprise Risk Management (ERM) framework to govern its...Hard

Q05During a walkthrough of an order-to-cash process, the auditor observes that the sales manager can...Hard