The audit/assurance programs reflect the IT Assurance Framework (ITAF) sections 3400—IT Management Processes, 3600—IT Audit and Assurance Processes and 3800—IT Audit and Assurance Management and were developed in alignment with the Control Objectives for Information and related Technology (COBIT®)—specifically COBIT 4.1.
Objective—The objectives of the IT outsourcing review are to:
- Provide management with an independent assessment of the IT outsourcing process relating to the attainment of outsourcing objectives, compliance with the terms and conditions of the outsourcing contract, the accuracy of billing, and successful remediation of issues identified during the execution of business processes.
- Provide management with an evaluation of the internal controls affecting business processes relating to the activities outsourced and internal processes affected by the outsourcing.
Scope—The review will focus on the outsourcing of the {ABC applications/processes/infrastructure} to the {supplier}. The scope of the review is limited to the activities relevant to a previously outsourced environment in a production steady state. It excludes the justification, decision, and terms and conditions considered relating to the outsourcing process. The review will include the following:
- Achievement of business requirements
- Compliance with contract
- Relationship management
- Functionality and controls of provided services
- Fulfillment of assurance charter and compliance requirements
IT audit and assurance professionals are expected to customize this document to the environment in which they are performing an assurance process. This document is to be used as a review tool and starting point. It may be modified by the IT audit and assurance professional; it is not intended to be a checklist or questionnaire. It is assumed that the IT audit and assurance professional holds the Certified Information Systems Auditor (CISA) designation or has the necessary subject matter expertise required to conduct the work and is supervised by a professional with the CISA designation and necessary subject matter expertise to adequately review the work performed.