According to Maslow's hierarchy of needs theory, which of the following would likely have the most impact on retaining staff, if their lower-level needs are already met?
Correct Answer: D
According to Maslow's hierarchy of needs, once an individual's lower-level needs (physiological, safety, and social needs) are met, they seek higher-level motivators such as esteem and self-actualization. Recognition falls under esteem needs, which include respect, status, and appreciation. Employees who feel valued and recognized are more likely to stay with an organization.

Explanation of Each Option:
* A). Social benefits - These are lower-level needs (belongingness/social needs), which have already been met in this scenario.
* B). Compensation - While salary is important, it primarily addresses physiological and security needs, which are lower on Maslow's hierarchy. Once these are met, higher-level motivators like recognition become more influential.
* C). Job safety - Safety and security are lower-level needs, and in this scenario, they are already met.
* D). Recognition (Correct Answer) - Falls under esteem needs, which are crucial for employee retention once basic needs are satisfied.

IIA References:
* IIA IPPF Standard 2120 - Risk Management includes talent management as part of organizational sustainability.
* COSO ERM Framework - Human Capital Risk highlights employee motivation as a key factor in risk management.
* IIA GTAG 7 - Managing IT Security Risks discusses employee satisfaction and its impact on organizational security and retention.
IIA-CIA-Part3 Exam Question 137
Which of the following is an example of a key systems development control typically found in the in-house development of an application system?
Correct Answer: B
Comprehensive and Detailed In-Depth Explanation: In the context of in-house application system development, establishing a robust development process is crucial. Such a process is designed to prevent, detect, and correct errors that may occur during development and implementation. This includes implementing coding standards, conducting regular code reviews, and performing comprehensive testing phases (unit, integration, system, and user acceptance testing) to identify and rectify errors promptly. While logical access controls (option A) and maintaining records of data processing (option C) are essential, they pertain more to operational controls post-development. Documenting business users' requirements (option D) is a critical initial step; however, without a development process focused on error management, merely documenting requirements doesn't ensure error prevention or correction. Therefore, option B best exemplifies a key systems development control in this context.
IIA-CIA-Part3 Exam Question 138
An organization has instituted a bring-your-own-device (BYOD) work environment. Which of the following policies best addresses the increased risk to the organization's network incurred by this environment?
Correct Answer: C
Understanding BYOD Risks:
A Bring-Your-Own-Device (BYOD) policy allows employees to use personal devices (e.g., laptops, smartphones, tablets) for work. This increases security risks such as unauthorized access, malware infections, data leakage, and non-compliance with IT security policies.

Why Option C (Detection and Authentication Controls) Is Correct?
Detection and authentication controls ensure that:
* Only authorized devices can connect to the organization's network.
* User authentication mechanisms (such as multi-factor authentication) verify identities before granting access.
* Devices with security vulnerabilities are flagged and restricted.
This aligns with IIA Standard 2110 - Governance, which emphasizes IT security controls for risk mitigation. ISO 27001 and NIST Cybersecurity Framework also recommend device authentication and monitoring for secure network access.

Why Other Options Are Incorrect?
* Option A (Limit personal use of employee devices): Limiting personal use does not fully address network security risks; malware can still infect devices.
* Option B (Control access through approvals and reviews): While access control is important, it does not mitigate the broader risks of compromised devices connecting to the network.
* Option D (Software scans and patch reminders): Patching is important, but it does not prevent unauthorized access or ensure authentication for devices.

Final Justification:
Implementing device detection and authentication controls is the most effective way to mitigate security risks in a BYOD environment. IIA Standard 2110 and ISO 27001 emphasize strong network security measures.

IIA References:
* IPPF Standard 2110 - Governance (IT Risk Management & BYOD Security)
* ISO 27001 - Information Security Management
* NIST Cybersecurity Framework - Access Control & Authentication
IIA-CIA-Part3 Exam Question 139
According to IIA guidance on IT, which of the following would be considered a primary control for a spreadsheet to help ensure accurate financial reporting?
Correct Answer: A
Comprehensive and Detailed In-Depth Explanation: Primary controls in spreadsheet management focus on ensuring data accuracy, integrity, and security.
* Option A (Locking formulas and static data) prevents unauthorized changes, ensuring data integrity. This is a direct control over spreadsheet accuracy, making it the correct answer.
* Option B (Backup storage) is an IT operational control, not a primary financial reporting control.
* Option C (Documentation of spreadsheet use) is important for governance but does not directly prevent errors.
* Option D (Version control software) helps manage changes but does not directly ensure financial reporting accuracy.
Thus, locking and protecting spreadsheet formulas is the most critical primary control for accurate financial reporting.
Reference: IIA IT Controls & Data Governance
IIA-CIA-Part3 Exam Question 140
Which of the following statements is true regarding a project life cycle?
Correct Answer: C
* Understanding the Project Life Cycle:
  * The project life cycle consists of initiation, planning, execution, and closure.
  * Early stages involve planning and defining scope, while later stages focus on execution and completion.
* Why Change Costs Increase Over Time:
  * In early stages, changes are relatively inexpensive as they mainly involve planning adjustments.
  * As the project progresses, modifications require rework, additional resources, and schedule delays, increasing costs.
  * Near project completion, changes can be very costly, requiring significant time and effort to correct.
* Why Other Options Are Incorrect:
  * A. Risk and uncertainty increase over time - Incorrect; risk and uncertainty decrease as the project moves forward and becomes more defined.
  * B. Costs and staffing levels are high at project close - Incorrect; they are usually highest during execution, not closure.
  * D. Project life cycle = product life cycle - Incorrect; they are separate concepts. A product may exist long after the project ends.

Relevant IIA References:
* IIA GTAG 12 - Auditing IT Projects: Discusses project life cycle and cost implications.
* IIA Practice Guide on Project Risk Management: Highlights cost escalation risks in later project phases.
* PMBOK (Project Management Body of Knowledge) Framework: Defines cost increase trends in project management.

Final Answer: Costs related to making changes increase as the project approaches completion (Option C).