Exam IIA-CIA-Part2
Question 97

In a review of an electronic data interchange application using a third-party service provider, the auditor should:

I. Ensure encryption keys meet International Organization for Standardization (ISO) standards.

II. Determine whether an independent review of the service provider's operation has been conducted.

III. Verify that only public-switched data networks are used by the service provider.

IV. Verify that the service provider's contracts include necessary clauses, such as the right to audit.

    Correct Answer: D

    When reviewing an electronic data interchange application using a third-party service provider, it is essential to ensure that the service provider's operation has undergone an independent review to establish trustworthiness and operational integrity. Additionally, the service provider's contracts must include necessary clauses such as the right to audit, ensuring that the organization retains the ability to independently verify the provider's compliance with agreed standards. These two points cover fundamental aspects of security and accountability in dealing with third-party service providers, making them the correct focus areas for an auditor.

Discussion
Kate

Why is this the answer?

az_zu

It is crucial for IA to know that they can audit a service provider, check that the contract is complied with and that the service provider has done a review of themselves to ensure they are operating effectively (i.e., SOX reports).

John1237

Risks associated with outsourcing threaten the organization. Third-party service providers must be independently audited. This must be included in the contractual clauses so that there is no ambiguity.