CISA—Certified Information Systems Auditor - Part 209

Mary Smith

Thu, 16 Apr 2026

1. An IS auditor should expect which of the following items to be included in the request for proposal (RFP) when IS is procuring services from an independent service provider (ISP)?

A) References from other customers
B) Service level agreement (SLA) template
C) Maintenance agreement
D) Conversion plan



2. To minimize costs and improve service levels, an outsourcer should seek which of the following contract clauses?

A) O/S and hardware refresh frequencies
B) Gain-sharing performance bonuses
C) Penalties for noncompliance
D) Charges tied to variable cost metrics



3. When an organization is outsourcing its information security function, which of the following should be kept in the organization?

A) Accountability for the corporate security policy
B) Defining the corporate security policy
C) Implementing the corporate security policy
D) Defining security procedures and guidelines



4. An IS auditor has been assigned to review IT structures and activities recently outsourced to various providers. Which of the following should the IS auditor determine FIRST?

A) That an audit clause is present in all contracts
B) That the SLA of each contract is substantiated by appropriate KPIs
C) That the contractual warranties of the providers support the business needs of the organization
D) That at contract termination, support is guaranteed by each outsourcer for new outsourcers



5. With respect to the outsourcing of IT services, which of the following conditions should be of GREATEST concern to an IS auditor?

A) Outsourced activities are core and provide a differentiated advantage to the organization.
B) Periodic renegotiation is specified in the outsourcing contract.
C) The outsourcing contract fails to cover every action required by the arrangement.
D) Similar activities are outsourced to more than one vendor.



1. Right Answer: A
Explanation: An IS auditor should look for independent verification that the ISP can perform the tasks being contracted for. References from other customers provide an independent, external review and verification of the procedures and processes the ISP follows, which are exactly the issues of concern to an IS auditor. Checking references is a means of obtaining independent verification that the vendor can perform the services it says it can. A maintenance agreement relates more to equipment than to services, and a conversion plan, while important, is less important than verification that the ISP can deliver the services it proposes.

2. Right Answer: B
Explanation: Because the outsourcer shares a percentage of the achieved savings, gain-sharing performance bonuses provide a financial incentive to go above and beyond the stated terms of the contract and can lead to cost savings for the client. Refresh frequencies and penalties for noncompliance only encourage the outsourcer to meet minimum requirements. Similarly, tying charges to variable cost metrics does not encourage the outsourcer to seek additional efficiencies that might benefit the client.

3. Right Answer: A
Explanation: Accountability cannot be transferred to external parties. Choices B, C and D can be performed by outside entities, as long as accountability remains within the organization.

4. Right Answer: C
Explanation: When IT has been split across several providers, the complexity of the IT structures is matched by the complexity and interplay of the providers' responsibilities and warranties. That interplay may weaken or void the effectiveness of individual warranties and, with it, any reasonable certainty that the business needs will be met. The other choices are important, but none is as potentially damaging as gaps in the contractual responsibilities of the outsourcers across these diverse and critical areas; the auditor should therefore establish first that the warranties, taken together, actually support the business.

5. Right Answer: A
Explanation: An organization's core activities generally should not be outsourced, because they are what the organization does best and what differentiates it; an IS auditor observing this should be concerned. The other conditions are not a concern: specifying periodic renegotiation in the outsourcing contract is a best practice, outsourcing contracts cannot be expected to cover every action and detail expected of the parties involved, and multisourcing (using more than one vendor for similar activities) is an acceptable way to reduce dependence on a single provider.