Prev Question
Next Question

Which of the following should be of PRIMARY concern to an IS auditor reviewing the management
of external IT service providers?

Minimizing costs for the services provided

Prohibiting the provider from subcontracting services

Evaluating the process for transferring knowledge to the IT department

Determining if the services were provided as contracted

From an IS auditor’s perspective, the primary objective of auditing the management of service

providers should be to determine if the services that were requested were provided in a way that is
acceptable, seamless and in line with contractual agreements. Minimizing costs, if applicable and
achievable (depending on the customer’s need) is traditionally not part of an IS auditor’s job. This
would normally be done by a line management function within the IT department. Furthermore,
during an audit, it is too late to minimize the costs for existing provider arrangements.
Subcontracting providers could be a concern, but it would not be the primary concern. Transferring
knowledge to the internal IT department might be desirable under certain circumstances, but should
not be the primary concern of an IS auditor when auditing IT service providers and the management

Prev Question
Next Question

Leave a Reply

Your email address will not be published. Required fields are marked *