Greatest Concern: Bank's Web-Hosting Provider Audit Summary | CISA Exam Answer

A.

The bank's greatest concern in this scenario is the possibility that the audit scope may not have addressed critical areas (Option B). The summary provided by the web-hosting provider may not provide the bank with sufficient information to determine whether the audit scope was adequate and whether all critical areas were assessed.

Option A - The bank's auditors not being independent of the service provider is not the greatest concern in this scenario as long as the auditors exercise due professional care in their work and are not unduly influenced by the service provider.

Option C - The possibility of duplicative audits is not the greatest concern in this scenario because even if the audit is duplicative, it does not pose a significant risk to the bank's IT security.

Option D - The fact that audit procedures were not provided to the bank is not the greatest concern in this scenario as long as the summary provided by the service provider is sufficient for the bank to assess the adequacy of the audit. However, if the summary is not sufficient, the bank may need to request more detailed information about the audit procedures to ensure the audit scope was adequate.

Overall, the bank's greatest concern in this scenario is whether the audit scope adequately addressed all critical areas. The bank should seek additional information from the service provider or perform its own independent audit to ensure the web-hosting provider's IT security is sufficient.