ISACA releases IT outsourcing Audit Program
Program helps IT decision makers to manage outsourcing agreements
Industry association ISACA has released a new audit program to help IT managers and decision makers to optimize outsourcing relationships, including vendor selection, onboarding and controls on outsourcing agreements.
The Outsourced IT Audit Program has been developed in response to demand for outsourcing of IT services and the increasing complexity of managing such relationships.
The audit program includes guidance on governance and risk assessment processes, plus cost benefit analysis, prior to initiating an outsourcing IT model; internal controls and requirements for the selection process of an outsourced IT vendor; appropriate steps to manage the transition from in-house to outsourced providers of IT services; and key monitoring and quantitative controls of the service delivery from the outsourced IT provider.
"The volume of technology-driven challenges and responsibilities can be overwhelming for many organisations in this era of digital disruption," said Christos Dimitriadis, PhD. CISA, CISM, CRISC, chair of ISACA's Board of Directors and group director of Information Security for INTRALOT. "The guidance provided in this audit program will help enterprises make strategic decisions about outsourcing IT services that will position them for success and allow them to place greater focus on their core capabilities."
Guidance put forth as part of the vendor selection process includes detailing steps needed to make sure the vendor complies with clients' regulatory requirements, the vendor is an industry leader in the IT outsourcing space, the vendor has established a business continuity plan, the codes of conduct between the client and the vendor are aligned, and contract terms are appropriate.
ISACA audit programs have been developed and reviewed by leading audit and assurance professionals worldwide. They can be downloaded to allow customization that fits varying work environments from www.isaca.org.