CISA Certified Information Systems Auditor – Question2674

An IS auditor is unable to directly test privacy controls for a client’s cloud-based application. The MOST effective alternative to direct testing is to review:

A.
the provider’s internal audit reports.
B. the provider’s statement of assurance.
C. formal privacy certification.
D. independent audit reports.

Correct Answer: D