Which of the following should an IS auditor regard as the PRIMARY role of IT governance when considering an outsourcing arrangement for IT services?
Which of the following should an IS auditor regard as the PRIMARY role of IT governance when considering an outsourcing arrangement for IT services?
The primary role of IT governance in the context of an outsourcing arrangement for IT services is to ensure that the risks associated with outsourcing have been mitigated. Effective IT governance aims to align IT strategies with business objectives, manage performance, and ensure that risks are adequately addressed to protect the organization. Ensuring stakeholder input, vendor due diligence, and including a right-to-audit clause are important aspects of the outsourcing process, but the overarching priority must be the mitigation of associated risks to maintain operational stability and security.
A is right
Overall, while stakeholder input is valuable, the PRIMARY role of IT governance in considering an outsourcing arrangement for IT services is usually to ensure that the risks associated with outsourcing are thoroughly assessed and effectively mitigated. Therefore, option A is the most pertinent choice.