Outsourced IT Environments Audit/Assurance Program 


Outsourced IT Environments Audit/Assurance Program  Download (262K; Member Only)
Bookstore Purchase the Book
  View free preview for Members Only

  Provide feedback on this document
Knowledge Center  Visit the Audit Tools and Techniques Knowledge Center community

The objectives of the IT outsourcing review are to:

  • Provide management with an independent assessment of the IT outsourcing process relating to the attainment of outsourcing objectives, compliance with the terms and conditions of the outsourcing contract, the accuracy of billing, and successful remediation of issues identified during the execution of business processes.
  • Provide management with an evaluation of the internal controls affecting business processes relating to the activities outsourced and internal processes affected by the outsourcing.
  • Permit the audit/assurance professional to place audit reliance on the data and operational processes performed by the supplier on behalf of the customer.

The review will focus on the outsourcing of the {ABC applications/processes/infrastructure} to the {supplier}. The scope of the review is limited to the activities relevant to a previously outsourced environment in a production steady-state. It excludes the justification, decision, and terms and conditions considered relating to the outsourcing process. The review will include the following:

  • Achievement of business requirements
  • Compliance with contract
  • Relationship management
  • Functionality and controls of provided services
  • Fulfillment of assurance charter and compliance requirements

IT audit and assurance professionals are expected to customize this document to the environment in which they are performing an assurance process. This document is to be used as a review tool and starting point. It may be modified by the IT audit and assurance professional; it is not intended to be a checklist or questionnaire. It is assumed that the IT audit and assurance professional has the necessary subject matter expertise required to conduct the work and is supervised by a professional with the Certified Information Systems Auditor (CISA) designation and/or necessary subject matter expertise to adequately review the work performed.