Certified Information Systems Auditor (CISA) — Question 1132

An organization outsources its payroll function to a third-party service provider. Which of the following is MOST important for an IS auditor to verify when reviewing the outsourcing agreement?

Answer options

• A. The provider has agreed to a right-to-audit clause.
• B. The provider aligns with payroll industry best practices.
• C. The provider has a good service reputation.
• D. The provider has an extensive security training program.

Correct answer: A

Explanation

The most critical factor for an IS auditor to verify is the right-to-audit clause, as it ensures that the organization can review the third-party provider's compliance and practices. While aligning with industry best practices, having a good reputation, and providing security training are important, they do not offer the same level of assurance regarding oversight and accountability as the ability to conduct audits.