GTAG7 - The Institute of Internal Auditors

GTAG7 cover Guide 7: IT Outsourcing
Information technology (IT) outsourcing has grown in popularity as an efficient, cost-effective, and expert solution designed to meet the demands of systems implementation, maintenance, security, and operations. The benefits of IT outsourcing are accompanied with the need to manage the complexities, risks, and challenges that come with it. It is important that internal auditors understand the outsourcing context and help the organizations with a comprehensive review of its outsourcing operations and evaluation of its compliance with applicable laws and regulations. Global Technology Audit Guide -7 IT Outsourcingprovide the chief audit executive (CAE), internal auditors, and management with the information on the types of IT outsourcing activities, the IT outsourcing lifecycle, and how outsourcing activities should be managed by implementing well-defined plans that are supported by a companywide risk, control, compliance, and governance framework. Key issues covered in this guide include:

How to choose the right IT outsourcing vendor?
What are the best ways to manage outsourcing contract agreements?
What are the main outsourcing risks and how to mitigate them?
What are the key outsourcing control considerations from the standing points of both client operations and service provider operations?
Which is the most effective framework for establishing outsourcing controls?

Each section of this guide provides some key questions that internal auditors should ask during audits of IT outsourcing activities, such as:

Are internal auditors appropriately involved during key stages of the outsourcing lifecycle?
Do internal auditors have sufficient outsourcing knowledge and experience to provide the right input?
Do internal auditors understand the roles and expectations of stakeholders within the context of the organization's outsourcing initiative?
If IT audit plans are outsourced, are created plans based on a complete, top-down, and risk-based scope of work?
Are internal auditors able to present outsourcing recommendations in a way that managers understand to facilitate their implementation?
Are internal auditors able to communicate outsourced IT audit findings in a way that is understood and taken seriously by the organization's board of directors?

Authors: Mayurakshi Ray, Parthasarathy Ramaswamy

Download a free copy of GTAG 7: IT Outsourcing (PDF 1MB)
Purchase a printed version
Download form for permission to translate to another language (PDF, 20KB)
Download GTAG 7 PowerPoint slides (PPT, 294KB)

Quick Search Advanced Search Site Map IIA Popular Pages CIA Exam Content CFSA Individual Memberships Code of Ethics Information Technology		Home / Professional Guidance / Information Technology / GTAG / GTAG7 Guide 7: IT Outsourcing Information technology (IT) outsourcing has grown in popularity as an efficient, cost-effective, and expert solution designed to meet the demands of systems implementation, maintenance, security, and operations. The benefits of IT outsourcing are accompanied with the need to manage the complexities, risks, and challenges that come with it. It is important that internal auditors understand the outsourcing context and help the organizations with a comprehensive review of its outsourcing operations and evaluation of its compliance with applicable laws and regulations. *Global Technology Audit Guide -7 IT Outsourcing*provide the chief audit executive (CAE), internal auditors, and management with the information on the types of IT outsourcing activities, the IT outsourcing lifecycle, and how outsourcing activities should be managed by implementing well-defined plans that are supported by a companywide risk, control, compliance, and governance framework. Key issues covered in this guide include: How to choose the right IT outsourcing vendor? What are the best ways to manage outsourcing contract agreements? What are the main outsourcing risks and how to mitigate them? What are the key outsourcing control considerations from the standing points of both client operations and service provider operations? Which is the most effective framework for establishing outsourcing controls? Each section of this guide provides some key questions that internal auditors should ask during audits of IT outsourcing activities, such as: Are internal auditors appropriately involved during key stages of the outsourcing lifecycle? Do internal auditors have sufficient outsourcing knowledge and experience to provide the right input? Do internal auditors understand the roles and expectations of stakeholders within the context of the organization's outsourcing initiative? If IT audit plans are outsourced, are created plans based on a complete, top-down, and risk-based scope of work? Are internal auditors able to present outsourcing recommendations in a way that managers understand to facilitate their implementation? Are internal auditors able to communicate outsourced IT audit findings in a way that is understood and taken seriously by the organization's board of directors? Authors: Mayurakshi Ray, Parthasarathy Ramaswamy Download a free copy of GTAG 7: IT Outsourcing (PDF 1MB) Purchase a printed version Download form for permission to translate to another language (PDF, 20KB) Download GTAG 7 PowerPoint slides (PPT, 294KB)		Global Technology Audit Guides (GTAG^®) Guide 1 Guide 2 Guide 3 Guide 4 Guide 5 Guide 6 Guide 7 Guide 8 Guide 9 IT Resources Review some of the latest IT Resources available for IT auditing. GAIT Project Learn more about the ongoing IT auditing guidance project known as the Guide to the Assessment of ITGeneral Controls Scope Based on Risk (GAIT). Information Technology