An IS auditor is unable to directly test privacy controls for a client’s cloud-based application. The MOST effective alternative to direct testing is to review:

An IS auditor is unable to directly test privacy controls for a client’s cloud-based application. The MOST effective alternative to direct testing is to review:
A . the provider’s internal audit reports.
B . the provider’s statement of assurance.
C . formal privacy certification.
D . independent audit reports.

View Answer

Answer: D