Question 519 - CGEIT discussion


An enterprise has decided to use third-party software for a business process which is hosted and supported by the same third party. The BEST way to provide quality of service oversight would be to establish a process:

A. for robust change management.

B. for periodic service provider audits.

C. for enterprise architecture (EA) updates.

D. to qualify service providers.

Suggested answer: B

Explanation:

A periodic service provider audit is a process of conducting an independent and objective assessment of the service provider's performance, quality, compliance, and security in relation to the agreed service level agreement (SLA) and the enterprise's expectations and requirements. A periodic service provider audit can help provide quality of service oversight by:

Verifying and validating the service provider's claims and credentials, and ensuring that they meet the contractual obligations and standards

Identifying and evaluating the strengths, weaknesses, opportunities, and threats of the service provider's services, processes, and controls

Detecting and reporting any issues, gaps, or risks that may affect the quality of service delivery or the enterprise's objectives and value

Recommending and implementing corrective and preventive actions to address and resolve the issues, gaps, or risks

Monitoring and measuring the outcomes and effectiveness of the corrective and preventive actions, and ensuring their alignment with the SLA

According to the CGEIT Review Manual 2022 [1], "Service provider audits are a key mechanism for ensuring that service providers are meeting their contractual obligations and delivering value to the enterprise. Service provider audits should be conducted periodically or as needed to assess the performance, quality, compliance, and security of the service provider's services, processes, and controls."

According to the ISACA article on IT Outsourcing: Audit Considerations [2], "IT outsourcing audit is a process of examining and evaluating the IT outsourcing arrangements between an enterprise and its service providers. IT outsourcing audit aims to provide assurance that the IT outsourcing arrangements are aligned with the enterprise's strategy, objectives, and risk appetite; that the service providers are delivering the expected services in accordance with the SLAs; that the service providers are complying with the applicable laws, regulations, and standards; and that the service providers are managing and mitigating the IT outsourcing risks effectively."

According to the PwC article on Service Provider Audits [3], "Service provider audits are an essential tool for organizations to gain insight into their service providers' operations, controls, risks, and compliance status. Service provider audits can help organizations ensure that their service providers are meeting their expectations and obligations; identify any areas of improvement or concern; enhance their relationship and communication with their service providers; and optimize their IT outsourcing strategy."

asked 18/11/2024
Lebogang Aphane