
IIA Exam IIA-CIA-Part2 Topic 7 Question 94 Discussion

Actual exam question for IIA's IIA-CIA-Part2 exam
Question #: 94
Topic #: 7

Which of the following steps should an internal auditor complete when conducting a review of an electronic data interchange application provided by a third-party service?

Ensure encryption keys meet ISO standards.

Determine whether an independent review of the service provider's operation has been conducted.

Verify that the service provider's contracts include necessary clauses.

Verify that only public-switched data networks are used by the service provider.

Suggested Answer: C

When conducting a review of an electronic data interchange (EDI) application provided by a third-party service, it is essential to determine whether an independent review of the service provider's operation has been conducted and to verify that the service provider's contracts include necessary clauses. These steps ensure that the service provider operates securely and meets the organization's requirements for data protection and service reliability.

IIA Reference:

IIA Standard 2100: Nature of Work indicates that internal audit should evaluate the adequacy and effectiveness of controls, including those at third-party service providers. Verifying that an independent review has been conducted and ensuring that contracts contain the necessary clauses are critical steps in assessing these controls.

The Practice Guide on Third-Party Risk Management advises internal auditors to review the service provider's contractual agreements and independent audit reports to assess the adequacy of controls and compliance with standards.


Contribute your Thoughts:

Corrinne
3 days ago
I think the internal auditor should ensure encryption keys meet ISO standards.
upvoted 0 times