Certified Information Systems Auditor (CISA) — Question 1381
A bank's web-hosting provider has just completed an internal IT security audit and provides only a summary of the findings to the bank's auditor. Which of the following should be the bank's GREATEST concern?
Answer options
- A. The audit scope may not have addressed critical areas.
- B. The audit procedures are not provided to the bank.
- C. The bank's auditors are not independent of the service provider.
- D. The audit may be duplicative of the bank's internal audit procedures.
Correct answer: A
Explanation
The greatest concern for the bank is that the audit scope may not have covered all critical areas, which could leave potential vulnerabilities unaddressed. While the other options raise valid points, they do not directly impact the thoroughness and effectiveness of the audit findings as much as the completeness of the audit scope does.