Certified Information Systems Auditor (CISA) — Question 1208
When performing an audit of a third-party provider, it is MOST important to ensure:
Answer options
- A. the service level agreement (SLA) is monitored.
- B. items identified in the risk assessment have been addressed.
- C. a vendor monitoring process has been implemented.
- D. a vendor relationship manager is assigned.
Correct answer: B
Explanation
Ensuring that items identified in the risk assessment have been addressed is crucial because it directly relates to mitigating potential risks associated with the vendor. Monitoring the SLA, implementing a vendor monitoring process, and assigning a vendor relationship manager are all important, but none of them addresses the fundamental risks that could impact the organization as effectively as addressing the risk assessment findings.