Global Technology Audit Guide (GTAG) 7: IT Outsourcing 2nd Edition - Download PDF

  • Item No. : 1027.dl
  • ISBN : 9780894136078
  • Publisher : The Institute of Internal Auditors
  • Publish Date : June 2012
  • Media : Download
  • Page count : 34
  • Member Price : $0.00
  • Non-Member Price : $24.99

Add to Wish List

Updated! From The Institute of Internal Auditors

This GTAG is provided as a service to members of The IIA.

Information technology (IT) outsourcing has grown in popularity as an efficient, cost-effective, and expert solution designed to meet the demands of systems implementation, maintenance, security, and operations. The benefits of IT outsourcing are accompanied with the need to manage the complexities, risks, and challenges that come with it.







This guide provides information on the types of IT outsourcing (ITO), the life cycle of ITO, and how internal auditors can approach risk in connection with ITO delivery. ITO is the contracting of IT functions, previously performed in-house, to an external service organization. Multi-sourcing can add complexity. Key questions to ask when considering audits of IT outsourcing activities:

  • How do IT control activities that have been outsourced relate to business processes?                          
  • Are internal auditors appropriately involved during key stages of the outsourcing life cycle?                  
  • Do internal auditors have sufficient IT knowledge and experience to consider risk and provide the right input? 
  •  If IT control activities are transitioned to an IT service organization, does it understand the roles and expectations of internal audit stakeholders? Are internal auditors able to see IT risk and present recommendations for processes that have been outsourced?                                                                   
  •  What role do Internal Audit teams play during renegotiation, repatriation and renewal of outsourcing contracts?

    The guide covers how to use the answers to these questions to determine a strategy for internal audit involvement regarding IT outsourcing to best protect the interest of the organization and meet stakeholder expectations.