Global Technology Audit Guide (GTAG) 7: IT Outsourcing 2nd Edition
As technologies change and the need for talent with specific skills continues to grow, IT departments have come to rely on outsourcing to help fill expectations. This guide will help internal audit establish a strategy for assessing and mitigating associated risks.
Internet Technology Outsourcing (ITO) is the contracting of IT functions, previously performed in-house, to an external service organization. IT Outsourcing, 2nd Edition provides information on the types of ITO, the life cycle of ITO, and how internal auditors can approach risk in connection with ITO delivery.
Key questions to ask when considering audits of IT outsourcing activities:
- How do IT control activities that have been outsourced relate to business processes?
- Are internal auditors appropriately involved during key stages of the outsourcing life cycle?
- Do internal auditors have sufficient IT knowledge and experience to consider risk and provide the right input?
- If IT control activities are transitioned to an IT service organization, does it understand the roles and expectations of internal audit stakeholders?
- Are internal auditors able to see IT risk and present recommendations for processes that have been outsourced?
- What role do Internal Audit teams play during renegotiation, repatriation and renewal of outsourcing contracts?
The guide covers how to use the answers to these questions to determine a strategy for internal audit involvement regarding IT outsourcing to best protect the interest of the organization and meet stakeholder expectations.