Certified Information Systems Auditor (CISA) — Question 440

Which of the following is the MOST useful information for an IS auditor to review when formulating an audit plan for the organization's outsourced service provider?

Answer options

• A. Service level agreement (SLA) reports
• B. The service provider's control self-assessment (CSA)
• C. The organization's procurement policy
• D. Independent audit reports

Correct answer: D

Explanation

Independent audit reports provide an objective assessment of the service provider's controls and processes, making them essential for the auditor's planning. While SLA reports, CSA, and procurement policy may offer some insights, they do not provide the same level of independent verification and assurance regarding the service provider's performance and compliance.