Cloud Payroll System Outsourcing: Primary Concern for IS Auditors

Question

When an organization outsources a payroll system to a cloud service provider, the IS auditor's PRIMARY concern should be the:

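Answers

A. Service level agreement (SLA) is not reviewed annually
B. Lack of independent assurance from a third party
C. Service provider's data center is on the ground floor
D. Service provider's platform is not compatible with legacy systems

Explanations

Correct answer: B.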

When an organization outsources a payroll system to a cloud service provider, the IS auditor's primary concern should be ensuring the security and confidentiality of the organization's sensitive data.

Option A - Service level agreement (SLA) is not reviewed annually: The SLA outlines the responsibilities of the service provider and the client organization. While reviewing the SLA is important, it is not the IS auditor's primary concern when outsourcing a payroll system to a cloud service provider.

Option B - Lack of independent assurance from a third party: This is a valid concern for the IS auditor. It is important to ensure that the service provider has undergone an independent audit to validate their security controls and processes.

Option C - Service provider's data center is on the ground floor: While the physical security of the service provider's data center is important, it is not the IS auditor's primary concern. The IS auditor should focus on ensuring that the service provider has appropriate controls and processes in place to protect the confidentiality and integrity of the client organization's data.

Option D - Service provider's platform is not compatible with legacy systems: While compatibility issues can be a concern, they are not the primary concern for the IS auditor. The IS auditor should ensure that the service provider has appropriate security controls in place, and that the data is protected during transmission and storage.

In summary, the primary concern of the IS auditor when an organization outsources a payroll system to a cloud service provider should be ensuring the security and confidentiality of the organization's sensitive data. The lack of independent assurance from a third party is a valid concern, but physical security and compatibility issues are secondary concerns.