Which of the following should an organization use to ensure that it can review the controls and performance of a service provider or vendor?

A service-level agreement (SLA) outlines the expected performance and quality metrics for services provided by a vendor, but it does not inherently grant the right to conduct audits. While an SLA can specify performance standards, it does not provide a mechanism for the organization to independently verify compliance through audits.

A memorandum of agreement (MOA) serves as a formal document outlining the intentions and responsibilities of parties involved in a partnership. However, it lacks the specific provisions necessary for oversight or performance evaluation, making it insufficient for ensuring control reviews of a service provider.

Supply chain analysis involves evaluating the overall supply chain efficiency and performance but does not focus on the individual controls or performance of a specific vendor. While it provides insights into the broader supply chain dynamics, it does not support direct auditing or review of a vendor's compliance or operational controls.