Certified Information Systems Auditor (CISA) — Question 1250

When planning an audit, it is acceptable for an IS auditor to rely on a third-party provider’s external audit report on service level management when the:

Answer options

• A. scope and methodology meet audit requirements
• B. service provider is independently certified and accredited
• C. report was released within the last 12 months
• D. report confirms that service levels were not violated

Correct answer: A

Explanation

The correct answer is A because the auditor needs to ensure that the audit's specific scope and methodology align with the requirements for their own assessment. Options B, C, and D, while important, do not address the fundamental need for the audit's criteria to be met, which is crucial for reliance on the report.