正解:D
An internal auditor's primary concern in evaluating third-party help desk services is ensuring that the provider meets Service-Level Agreement (SLA) requirements, particularly regarding response times, issue resolution, and service quality.
* Correct Answer (D - Whether the provider's responses and resolutions were well defined according to the SLA)
* The SLA defines expected service levels, including:
* Response and resolution times.
* Performance metrics (e.g., first-call resolution rate).
* Escalation procedures.
* Compliance with contractual obligations.
* The IIA Practice Guide: Auditing Third-Party Relationships states that internal auditors must assess SLA compliance as a key control in outsourcing arrangements.
* Why Other Options Are Incorrect:
* Option A (Whether every call was logged):
* While logging all calls is good practice, the focus should be on meeting SLA requirements, not just documentation.
* The IIA GTAG 7: Continuous Auditing emphasizes measuring performance, not just recording activities.
* Option B (Whether a unique ID was assigned to each issue):
* Issue tracking is important, but an ID alone does not guarantee service quality or SLA compliance.
* Option C (Whether the provider used its own facilities):
* The location of the service provider's facilities does not impact SLA compliance.
* IIA Practice Guide: Auditing Third-Party Relationships - Outlines how auditors should evaluate SLAs and vendor performance.
* IIA GTAG 7: Continuous Auditing - Highlights the importance of performance measurement in outsourced services.
Step-by-Step Explanation:IIA References for Validation:Thus, ensuring the provider meets SLA-defined response and resolution times (D) is the internal auditor's greatest concern.