During a build vs. buy analysis, the IS auditor observes that the organization decided to build a custom application because no vendor solution met all requirements. Which of the following risks should the auditor emphasize?
Custom development often takes longer and costs more than buying.
Why this answer
Custom development carries risk of longer time-to-market and higher cost due to unforeseen complexities.