GREATEST Concern of IT Outsourcing Arrangement

A.

As an IS auditor, the primary concern when reviewing an IT outsourcing arrangement would be to ensure that the outsourcing arrangement is beneficial to the organization and that the vendor is meeting its contractual obligations. From the given options, the greatest concern would be C, i.e., development of Key Performance Indicators (KPIs) that will be used was assigned to the vendor.

KPIs are used to measure the performance of the vendor against the service level agreement (SLA) and to ensure that the vendor is meeting the agreed-upon standards. The development of KPIs should be done in consultation with the organization, and the KPIs should be aligned with the organization's objectives. If the development of KPIs is assigned to the vendor, there is a risk that the KPIs will not be aligned with the organization's objectives, and the vendor may not be held accountable for meeting the organization's goals.

Option A, i.e., several IT personnel performing the same functions as the vendor, may be a concern, but it is not the greatest concern. The auditor should review the roles and responsibilities of the IT personnel and the vendor to ensure that there is no duplication of effort and that the vendor is not performing tasks that should be performed by the IT personnel.

Option B, i.e., the contract not including a renewal option, may also be a concern, but it is not the greatest concern. The auditor should review the contract to ensure that it includes all necessary clauses, including a renewal option, to protect the organization's interests.

Option D, i.e., some penalties were waived during contract negotiations, may also be a concern, but it is not the greatest concern. The auditor should review the contract to ensure that it includes appropriate penalties for non-performance or breach of contract, and that any waivers or modifications to the penalties are in the best interest of the organization.