IIA Provides Guidance

ALTAMONTE SPRINGS, Fla. - Trends in information technology (IT) outsourcing have prompted The Institute of Internal Auditors (IIA) to focus its seventh Global Technology Audit GuideR (GTAGR) on this topic. Written in straightforward business language, GTAG 7 will help C-level executives and boards of directors understand various risks when navigating the complex task of IT outsourcing.

"IT outsourcing has grown in popularity as an efficient and cost-effective way to meet IT management demands such as systems implementation, maintenance, security, and operations," says IIA Manger of Technology Practices Lily Bi. "There are benefits from outsourcing this function, but they come with complexities, risks and challenges. It's important that executive management and boards understand how to conduct a comprehensive review of an organization's outsourced operations, evaluate the risk management process, and comply with applicable laws and regulations. When it comes down to it, those at the top are the ones accountable for ensuring that things are as they should be. Chief audit executives and audit supervisors can use GTAG 7 to help people who have limited technical knowledge to better understand these risks."

GTAG 7 describes some of the most common outsourcing risks and their potential strategic impact on an organization throughout the outsourcing lifecycle. Key issues discussed in this GTAG include: the outsourcing strategy and feasibility; selecting an IT service provider; drafting and managing contractual agreements; ensuring a smooth transition of internal operations to service providers; return on investment; effective frameworks for establishing outsourcing controls; and termination and renegotiation of services. The guidance also stresses the importance of evaluating the service provider's internal controls, and establishing a clear governance structure over the outsourcing activity to ensure accountability and effective project management.

The Institute of Internal Auditors (IIA)