What should be the focus of an IS auditor conducting a service-level review?

In the context of an IS auditor conducting a service-level review, the emphasis should be on negotiating and defining required levels of service. This focus is crucial because it aligns the service deliverables with the business needs and expectations. By clearly defining the service levels through negotiations, the auditor ensures that both the service provider and the business stakeholders have a mutual understanding of what is expected. These defined levels of service facilitate performance measurement, accountability, and continuous improvement.

While ensuring maximum availability of all services is important, it is a broader operational goal rather than the specific focus of a service-level review. Likewise, comparing service costs to industry standards is valuable for financial assessment, but it does not directly relate to the service-level expectations between providers and stakeholders. Mapping services to criticality for the business can help prioritize services but does not encompass the essence of negotiating and defining those service levels. Therefore, the correct focus during a service-level review is on establishing clear, agreed-upon levels of service that meet the organization's requirements.