CISA Certified Information Systems Auditor – Question0324

When reviewing a database supported by a third-party service provider, an IS auditor found minor control deficiencies. The auditor should FIRST discuss recommendations with the:

A.
service provider support team manager
B. organization’s service level manager
C. organization’s chief information officer (CIO)
D. service provider contract liaison

Correct Answer: A