Certified Information Systems Auditor (CISA) — Question 441

Which of the following is the MOST efficient way to assess the controls in a service provider's environment?

Answer options

• A. Review testing performed by the service provider's internal audit department.
• B. Require the service provider to conduct control self-assessments (CSAs).
• C. Review the service provider's master service agreement (MSA).
• D. Obtain an independent auditor's report from the service provider.

Correct answer: D

Explanation

The correct answer, D, is the most efficient since an independent auditor's report provides an objective evaluation of the controls, ensuring reliability and credibility. Option A lacks independence as it relies on the service provider's internal audit, while B may not guarantee thoroughness, and C only reviews contractual terms without assessing actual controls.