Internal Audit Training, IT Audit Training Courses, Information Security Training - CPE Interactive

Continuing Professional Education for Audit, Assurance, & Info Security

Course Description

Most organizations have adopted some form of outsourcing. Whether it includes outsourcing IT operations, application maintenance, systems development, applications services, information security, or networking, they all constitute outsourcing. The advent of the “cloud” has added another dimension to outsourcing.

The process and results are fraught with risks, but also have rewards. As an auditor, it is essential to understand how outsourcing affects the controls environment and the audit universe and how to apply it.

You will discuss the:

  • Business of outsourcing
  • Effect on the audit universe
  • The principles of outsourcing – its benefits and limitations
  • How to audit in an outsourced environment

Learning Objectives:

  • Understand the benefits and risks of outsourcing
  • Identify the specific risks and controls for the various outsourced environments
  • Describe how to use a Third-Party Report as an audit tools
  • Identify common issues that have arisen in both the process of outsourcing and how to audit the outsourced business processes

Bonus: You will receive the ISACA IT Outsourcing Audit/Assurance Program Using COBIT 4.1

Course Outline

Defining Outsourcing

  • Outsourcing concepts/terms
  • Outsourced scope
    • Applications
    • Infrastructure
    • Development
  • Cloud Computing
  • Comparing Company and Vendor Motivation for Outsourcing

General Risks

  • Company risks
    • Strategic
    • Financial
    • Operational
    • Organizational
  • Vendor Risks
  • Additional Risks with Cloud Computing

Organizational Changes Required to Manage Outsourcing

  • Issue Management
  • Delivery ManagementRisks
  • Relationship Management

Contracts

  • Considerations in the New Contract
    • Intellectual Property
    • Auditability
    • SLAs
  • Managing Audits with In-Force Contracts
  • Regulatory Compliance
  • Governance

Auditing the Outsourced Environment

  • The effect on the audit universe
  • Planning
  • Scoping the audit to satisfy audit requirements
  • Understanding the your limits in auditing the vendor
  • Overcoming compliance issues
  • Using Third-Party Reports
    • Understanding the Benefits and Limitations of the Third-Party Reports
    • Types of Third-Party Reports (SSAE16, SOC 1/2/3)
  • Performing the audit
    • Gap analysis
    • Internal gap remediation
    • Vendor gap reporting and remediation
    • Auditing contract and service level compliance
    • Solving vendor/company differences
    • Auditing contract and service level compliance
  • Relationship management

Additional Information

Who Should Attend

Internal audit professionals responsible for evaluating the controls and processes during an outsource project and as current-state outsource operation.

Learning Level

Intermediate

Delivery

Group-Live

Field

Auditing

Advanced Preparation

None

Recommended Prerequisites

Understanding of information systems general IT controls, project management processes, SSAE16, third party reviews, and contract management.

Session Duration

Online: N/A

On Site: 1 day

CPE Credits: 8