Guide 7: IT Outsourcing
Download (members only):
English (PDF, 1MB); Spanish (560 KB); French (480 KB)
Purchase from The IIA Bookstore
Rate this guide

The benefits of IT outsourcing are accompanied with the need to manage the complexities, risks, and challenges that come with it.

It is important that internal auditors understand the outsourcing context and help the organizations with a comprehensive review of its outsourcing operations and evaluation of its compliance with applicable laws and regulations. IT Outsourcing provides the chief audit executive (CAE), internal auditors, and management with the information on the types of IT outsourcing activities, the IT outsourcing lifecycle, and how outsourcing activities should be managed by implementing well-defined plans that are supported by a companywide risk, control, compliance, and governance framework.

Key issues covered in this guide include:

• How to choose the right IT outsourcing vendor?
• What are the best ways to manage outsourcing contract agreements?
• What are the main outsourcing risks and how to mitigate them?
• What are the key outsourcing control considerations from the standing points of both client operations and service provider operations?
• Which is the most effective framework for establishing outsourcing controls?

In addition, each section of this guide provides some key questions that internal auditors should ask during audits of IT outsourcing activities.

TABLE OF CONTENTS
1. Executive Summary
2. Introduction
3. Types of IT Outsourcing
4. Key Outsourcing Control Considerations - Client Operations
5. Key Outsourcing Control Considerations - Service Provider Operations
6. IT Outsourcing - A Few Applicable Control Frameworks and Guidelines
Compliance Standards
Other Available Frameworks and Guidelines
7. Recent Trends and the Future of Outsourcing
8. Glossary of Terms

Authors
Mayurakshi Ray
Parthasarathy Ramaswamy

Questions about this guide for the authors? E-mail guidance@theiia.org .