Certified Internal Auditor (CIA) Part 3: Business Knowledge for Internal Auditing — Question 158

An internal auditor performed a review of IT outsourcing and found that the service provider was failing to meet the terms of the service level agreement. Which of the following approaches is most appropriate to address this concern?

Answer options

• A. The organization should review the skill requirements and ensure that the service provider is maintaining sufficient expertise and retaining skilled resources.
• B. The organization should proactively monitor the performance of the service provider, escalate concerns, and use penalty clauses in the contract where necessary.
• C. The organization should ensure that there is a clear management communication strategy and path for evaluating and reporting on all outsourced services concerns.
• D. The organization should work with the service provider to review the current agreement and expectations relating to objectives, processes, and overall

Correct answer: B

Explanation

The correct answer, B, is appropriate because it emphasizes the need for active monitoring and addressing issues directly with the service provider, ensuring compliance with the service level agreement. Option A focuses on skill requirements, which, while important, does not directly address the failure in meeting the agreement. Option C is about communication strategy, which is essential but does not resolve the immediate performance issues. Option D suggests reviewing the agreement but lacks the proactive approach needed to rectify the situation quickly.