Certified Information Systems Auditor (CISA) — Question 824

What is the GREATEST concern for an IS auditor reviewing contracts for licensed software that executes a critical business process?

Answer options

• A. An operational level agreement (OLA) was not negotiated.
• B. Software escrow was not negotiated.
• C. The contract does not contain a right-to-audit clause.
• D. Several vendor deliverables missed the commitment date.

Correct answer: B

Explanation

The greatest concern is software escrow because it ensures that the source code is available in case the vendor goes out of business or fails to support the software. The other options are important but do not pose as significant a risk to the continuity of the critical business process as the lack of software escrow does.