Certified Information Systems Auditor (CISA) — Question 918
Which of the following should an IS auditor regard as the PRIMARY role of IT governance when considering an outsourcing arrangement for IT services?
Answer options
- A. Ensuring the risk associated with outsourcing has been mitigated
- B. Ensuring stakeholder input in the outsourcing decision process
- C. Ensuring vendor due diligence during the vendor selection process
- D. Ensuring the outsourcing contract includes a right-to-audit clause
Correct answer: A
Explanation
The correct answer, A, reflects that managing the risk of outsourcing is a primary concern for IT governance. Options B, C, and D are relevant, but they focus on stakeholder involvement, vendor evaluation, and contract terms, which are secondary considerations compared to the overall risk mitigation strategy.