Which of the following is the BEST information source for management to use as an aid in the
identification of assets that are subject to laws and regulations?

While conducting an audit of a service provider, an IS auditor observes that the service provider
has outsourced a part of the work to another provider. Since the work involves confidential
information, the IS auditor’s PRIMARY concern shouldbe that the:

With respect to the outsourcing of IT services, which of the following conditions should be of
GREATEST concern to an IS auditor?

An IS auditor has been assigned to review IT structures and activities recently outsourced to
various providers. Which of the following should the IS auditor determine FIRST?

When an organization is outsourcing their information security function, which of the following
should be kept in the organization?

To minimize costs and improve service levels an outsourcer should seek which of the following
contract clauses?

An IS auditor should expect which of the following items to be included in the request for proposal
(RFP) when IS is procuring services from an independent service provider (ISP)?

When performing a review of the structure of an electronic funds transfer (EFT) system, an IS
auditor observes that the technological infrastructure is based on a centralized processing scheme
that has been outsourced to a provider in another country. Based on this information, which of the
following conclusions should be the main concern of the IS auditor?

An IS auditor reviewing an outsourcing contract of IT facilities would expect it to define the:

Is it appropriate for an IS auditor from a company that is considering outsourcing its IS processing
to request and review a copy of each vendor’s business continuity plan?