Certified Information Systems Auditor (CISA) — Question 480

When evaluating the management practices at a third-party organization providing outsourced services, the IS auditor considers relying on an independent auditor's report. The IS auditor would FIRST:

Answer options

• A. review the objectives of the audit.
• B. examine the independent auditor's workpapers.
• C. discuss the report with the independent auditor.
• D. determine if recommendations have been implemented.

Correct answer: A

Explanation

The IS auditor should first review the objectives of the audit to understand the scope and purpose of the independent auditor's findings. This step is crucial before delving into the details of the workpapers, discussing the report, or checking the implementation of recommendations, as it sets the context for further evaluation.