Internal Audit Training, IT Audit Training Courses, Information Security Training - CPE Interactive

Continuing Professional Education for Audit, Assurance, & Info Security

View Training Register Now

Course Description

Most organizations have adopted some form of outsourcing. Whether it includes outsourcing IT operations, application maintenance, systems development, applications services, information security, or networking, they all constitute outsourcing.

The process and results are fraught with risks, but also have rewards. As an auditor, it is essential to understand the life cycle of an outsourcing project from initial due diligence to implementation AND the ongoing operational issues after implementation. The decision to and the ultimate execution of the outsourcing, effects the audit universe, compliance (e.g. SOx), as well as the processes affecting the business.

You will discuss the:

  • Business of outsourcing
  • Outsourcing project life cycle
  • Effect on the audit universe
  • Audit focus of ongoing IT outsourced activities

Learning Objectives:

  • Audit scope at the various phases of the initial IT Outsource project
  • Post implementation review of the effectiveness of the IT outsource contract
  • Operational audits of the outsourced processes
  • Specific concerns for compliance audits
  • Common issues that have arisen, i.e. service level agreements, failure to comply, company preparedness and ownership of processes, and escalation processes
  • Additional issues where processes are distributed to foreign entities (off shoring)
  • Use of SSAE16′s (SAS70)

Bonus: You will receive the ISACA IT Outsourcing Audit/Assurance Program Using COBIT 4.1

Course Outline

Understanding Outsourcing

  • Outsourcing concepts/terms
  • Outsourced processes
  • Motivation to Outsource
  • Vendor’s Motivation

Outsourcing Risks

  • Company risks
    • Strategic
    • Financial
    • Operational
    • Organizational
  • Vendor risks

IT Outsource Life Cycle

  • Audit objectives at each phase of life cycle
  • Controls at each phase
    • Sourcing Planning
    • Evaluation and Selection
    • Contract Development & Procurement
    • Transition
    • Remediation
    • Renewal / Termination
  • Audit involvement at each phase

On-going Outsourcing Governance

  • The effect on the audit universe
  • Overcoming compliance issues
  • Planning the general controls review
  • Planning applications review
  • Reliance on SSAE16's (SAS70) and alternatives to fill-in the gaps
  • Relationship management
  • Auditability
    • Third-party reviews
    • Internal Audit

Additional Information

Who Should Attend

Internal audit professionals responsible for evaluating the controls and processes during an outsource project and as current-state outsource operation.

Learning Level



Group-Live & Group Internet-Based



Advanced Preparation


Recommended Prerequisites

Understanding of information systems general IT controls, project management processes, SAS70 third party reviews, and contract management.

Session Duration

Online: Two 3-hour sessions

On Site: 1 day

CPE Credits: 8