The initial big business and government rush to outsource entire IT departments has been replaced by more effective, but often complex smart sourcing arrangement. These arrangement try to provide ongoing flexibility while gaining the cost advantage and synergies that specialist providers can achieve. Unfortunately often the governance of these outsourced arrangement can problematic as the skill and understanding required is often lost to the outsourcer. It is considered appropriate practice to undertake an external compliance audit of these arrangements on a regular basis. This practice limits organizational risk, provides transparency and ensures appropriate understanding of how effective the service delivery has been.

By undertaking a compliance audit of the outsourced IT environment, management will obtain an evaluation of the internal controls affecting business processes relating to the activities outsourced and internal processes affected by the outsourcing. The audit will focus on compliance with contract, cost controls and transparency, relationship management, functionality and controls of provided services, fulfillment of assurance charter and regulatory compliance requirements.

 

Failures often found by these audits include:

  • Compromised information security
  • Costly and non-transparent compensation controls
  • Reduced system availability and questionable integrity of information
  • Failure to respond to relationship issues with timely and approved decisions
  • Limited flexibility due to Insufficient allocation of resources
  • Unclear responsibilities and accountabilities
  • Inaccurate billings
  • Regulatory compliance issues
  • Inability to satisfy audit/assurance charter or requirements of regulators or external auditors

Beyond Technology Consulting’s Audit team can provide you with an ISACA Certified Auditor to undertake such an audit tailored to your requirements. Our simple day rate based cost model ensures full transparency and cost control in delivering an Audit specific to your requirements and circumstances.