What is the major concern for an IS auditor when the quality assurance function reports to project management?

When the quality assurance (QA) function reports directly to project management, the primary concern for an IS auditor is the effectiveness of the QA function. This concern arises from the potential conflict of interest that can occur when QA is subordinate to project management. In such a structure, there may be pressure from project management to prioritize project timelines and deliverables over the strict adherence to quality standards.

The effectiveness of the QA function is crucial because its primary role is to ensure that the project deliverables meet the defined quality standards and requirements. If this function is compromised due to its reporting structure, it may result in poor quality deliverables, undetected defects, or an inability to meet customer expectations, ultimately affecting the project's success and the organization's reputation.

Indicators of effectiveness include the ability of the QA team to identify and mitigate risks, perform thorough testing, and provide unbiased assessments of project quality. Therefore, ensuring that the QA function operates independently and effectively is a key concern for auditors, as it impacts the overall integrity of the project outcome and compliance with industry standards.