Internal Audit Training, IT Audit Training Courses, Information Security Training - CPE Interactive

Continuing Professional Education for Audit, Assurance, & Info Security

Course Description

Most organizations have adopted some form of outsourcing. Whether it includes outsourcing IT operations, application maintenance, systems development, applications services, information security, or networking, they all constitute outsourcing. The advent of the “cloud” has added another dimension to outsourcing.

The process and results are fraught with risks, but also have rewards. As an auditor, it is essential to understand how outsourcing affects the controls environment and the audit universe and how to apply it.

You will discuss the:

  • Business of outsourcing
  • Effect on the audit universe
  • The principles of outsourcing – its benefits and limitations
  • How to audit in an outsourced environment

Learning Objectives:

  • Understand the benefits and risks of outsourcing
  • Identify the specific risks and controls for the various outsourced environments
  • Describe how to use a Third-Party Report as an audit tool
  • Identify common issues that have arisen in both the process of outsourcing and how to audit the outsourced business processes

Course Outline

Defining Outsourcing

  • Outsourcing concepts/terms
  • Outsourced scope
    • Applications
    • Infrastructure
    • Development
  • Cloud Computing
  • Comparing Company and Vendor Motivation for Outsourcing

General Risks

  • Company risks
    • Strategic
    • Financial
    • Operational
    • Organizational
  • Vendor Risks
  • Additional Risks with Cloud Computing

Organizational Changes Required to Manage Outsourcing

  • Issue Management
  • Delivery ManagementRisks
  • Relationship Management


  • Considerations in the New Contract
    • Intellectual Property
    • Auditability
    • SLAs
  • Managing Audits with In-Force Contracts
  • Regulatory Compliance
  • Governance

Auditing the Outsourced Environment

  • The effect on the audit universe
  • Planning
  • Scoping the audit to satisfy audit requirements
  • Understanding the your limits in auditing the vendor
  • Overcoming compliance issues
  • Using Third-Party Reports
    • Understanding the Benefits and Limitations of the Third-Party Reports
    • Types of Third-Party Reports (SSAE16, SOC 1/2/3)
  • Performing the audit
    • Gap analysis
    • Internal gap remediation
    • Vendor gap reporting and remediation
    • Auditing contract and service level compliance
    • Solving vendor/company differences
    • Auditing contract and service level compliance
  • Relationship management

Additional Information

Who Should Attend

Internal audit professionals responsible for evaluating the controls and processes during an outsource project and as current-state outsource operation.

Learning Level




Advanced Preparation


Recommended Prerequisites

Understanding of information systems general IT controls, project management processes, SSAE16, third party reviews, and contract management.

Session Duration

On Site: 1 day

CPE Credits: 8

Questions? Contact us

Phone: +1 (781) 784-4390
Fax: +1 (781) 705-2327
Email: fill out form below

    [recaptcha size:compact class:captcha]