Question 28
UnclassifiedWhich of the following is the MOST important audit scope document when conducting a review of a cloud service provider?
Correct answer: C
Explanation
An audit scope document defines what will be examined, and the most important element is the "processes and systems to be audited." This sets the boundaries of the review and identifies the cloud service provider activities and platforms the auditor must assess.
Why each option is right or wrong
A. Updated audit work program
B. Documentation criteria for the audit evidence
C. Processes and systems to be audited
The audit scope must first identify the exact processes and systems under examination, because that defines the boundary of the engagement and determines what evidence can be collected and tested. In cloud-service audits, this is the controlling scope element under standard audit planning practice (for example, ISO 19011 and ISACA audit planning guidance), since controls, interfaces, and shared-responsibility areas cannot be assessed unless the relevant platforms and operational processes are explicitly named.
D. Testing procedure to be performed