CISA Questions 201 – 300 and Answers 100% Verified.
7 views 0 purchase
Course
CISA
Institution
CISA
CISA Questions 201 – 300 and Answers
100% Verified.
An IS auditor reviewing an outsourcing contract of IT facilities would expect it to define the:
Select an answer:
A.
hardware configuration.
B.
access control software.
C.
ownership of intellectual property.
D.
application development...
CISA Questions 201 – 300 and Answers
100% Verified.
An IS auditor reviewing an outsourcing contract of IT facilities would expect it to define the:
Select an answer:
A.
hardware configuration.
B.
access control software.
C.
ownership of intellectual property.
D.
application development methodology. - answer✔✔You are correct, the answer is C.
A. The hardware configuration is generally irrelevant as long as the functionality, availability
and security can be affected, which are specific contractual obligations.
B. The access control software is generally irrelevant as long as the functionality, availability and
security can be affected, which are specific contractual obligations.
C. The contract must specify who owns the intellectual property (i.e., information being
processed, application programs). Ownership of intellectual property will have a significant cost
and is a key aspect to be defined in an outsourcing contract.
D. The development methodology should be of no real concern in an outsourcing contract.
An IS auditor has been assigned to review IT structures and activities recently outsourced to
various providers. Which of the following should the IS auditor determine FIRST?
Select an answer:
A.
An audit clause is present in all contracts.
B.
The service level agreement (SLA) of each contract is substantiated by appropriate key
performance indicators (KPIs).
C.
The contractual warranties of the providers support the business needs of the organization.
D.
At contract termination, support is guaranteed by each outsourcer for new outsourcers. -
answer✔✔You answered A. The correct answer is C.
A. All other choices are important, but the first step is to ensure that the contracts support the
business—only then can an audit process be valuable.
B. All service level agreements (SLAs) should be measureable and reinforced through key
performance indicators (KPIs)—but the first step is to ensure that the SLAs are aligned with
business requirements.
C. The primary requirement is for the services provided by the outsource supplier to meet the
needs of the business.
D. Having appropriate controls in place for contract termination are important, but first the IS
auditor must be focused on the requirement of the supplier to meet business needs.
With respect to the outsourcing of IT services, which of the following conditions should be of
GREATEST concern to an IS auditor?
Select an answer:
A.
Core activities that provide a differentiated advantage to the organization have been outsourced.
B.
Periodic renegotiation is not specified in the outsourcing contract.
C.
The outsourcing contract fails to cover every action required by the business.
D.
Similar activities are outsourced to more than one vendor. - answer✔✔You answered C. The
correct answer is A.
A. An organization's core activities generally should not be outsourced because they are what the
organization does best; an IS auditor observing that should be concerned.
B. An IS auditor should not be concerned about periodic renegotiation in the outsourcing
contract because that is dependent on the term of the contract.
C. Outsourcing contracts cannot be expected to cover every action and detail expected of the
parties involved, but should cover business requirements.
D. Multisourcing is an acceptable way to reduce risk associated with a single point of failure.
While conducting an audit of a service provider, an IS auditor observes that the service provider
has outsourced a part of the work to another provider. Because the work involves confidential
information, the IS auditor's PRIMARY concern should be that the:
A.
requirement for protecting confidentiality of information could be compromised.
B.
contract may be terminated because prior permission from the outsourcer was not obtained.
C.
other service provider to whom work has been outsourced is not subject to audit.
D.
outsourcer will approach the other service provider directly for further work. - answer✔✔You
are correct, the answer is A.
A. Many countries have enacted regulations to protect the confidentiality of information
maintained in their countries and/or exchanged with other countries. When a service provider
outsources part of its services to another service provider, there is a potential risk that the
confidentiality of the information will be compromised.
B. Terminating the contract for a violation of the terms of the contract could be a concern but is
not related to ensuring the confidentiality of information.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Brightstars. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $12.49. You're not tied to anything after your purchase.
