Certified in Risk and Information Systems Control (CRISC) — Question 837

Which of the following is MOST important to review when determining whether a potential IT service provider's control environment is effective?

Answer options

• A. Control self-assessment (CSA)
• B. Service level agreements (SLAs)
• C. Key performance indicators (KPIs)
• D. Independent audit report

Correct answer: D

Explanation

The correct answer is D, as an independent audit report provides an objective evaluation of the service provider's control environment, highlighting areas of compliance and risk. While the other options like CSA, SLAs, and KPIs are important, they may not offer the same level of impartiality and thoroughness as an independent audit.