Which of the following should be of PRIMARY concern to an IS auditor reviewing the management of external IT service providers? A. Minimizing costs for the services provided B. Prohibiting the provider from subcontracting services C. Evaluating the process for transferring knowledge to the IT department D. Determining if the services were provided as contracted
Correct Answer: D
Explanation:
Explanation:
From an IS auditor’s perspective, the primary objective of auditing the management of service providers should be to determine if the services that were requested were provided in a way that is acceptable, seamless and in line with contractual agreements.
Minimizing costs, if applicable and achievable (depending on the customer’s need) is traditionally not part of an IS auditor’s job. This would normally be done by a line management function within the IT department.
Furthermore, during an audit, it is too late to minimize the costs for existing provider arrangements. Subcontracting providers could be a concern, but it would not be the primary concern. Transferring knowledge to the internal IT department might be desirable under certain circumstances, but should not be the primary concern of an IS auditor when auditing IT service providers and the management thereof.
Please disable your adblocker or whitelist this site!