An organization has outsourced its help desk activities. An IS auditor’s GREATEST concern when
reviewing the contract and associated service level agreement (SLA) between the organization and
vendor should be the provisions for:
A.
documentation of staff background checks.
B.
independent audit reports or full audit access.
C.
reporting the year-to-year incremental cost reductions.
D.
reporting staff turnover, development or training.
Explanation:
When the functions of an IS department are outsourced, an IS auditor should ensure that a provision
is made for independent audit reports that cover all essential areas, or that the outsourcer has full
audit access. Although it is necessary to document the fact that background checks are performed,
this is not as important as provisions for audits. Financial measures such as year-to-year incremental
cost reductions are desirable to have in a service level agreement ( SLA ); however, cost reductions
are not as important as the availability of independent audit reports or full audit access. An SLA
might include human relationship measures such as resource planning, staff turnover, development
or training, but this is not as important as the requirements for independent reports or full audit
access by the outsourcing organization.