1 / 36

IT Outsourcing

IT Outsourcing. Andy Darnell Jennifer Lawrence Jessica Pruitt. Why is Outsourcing Important. http://www.tmcnet.com/channels/call-center-jobs/articles/18420-gartner-worldwide-outsourcing-market-grow-81-percent-2008.htm http://www.pwc.com/extweb/home.nsf/docid/61A657C13E328E98852574A3005DFB20

Download Presentation

IT Outsourcing

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. IT Outsourcing Andy Darnell Jennifer Lawrence Jessica Pruitt

  2. Why is Outsourcing Important http://www.tmcnet.com/channels/call-center-jobs/articles/18420-gartner-worldwide-outsourcing-market-grow-81-percent-2008.htm http://www.pwc.com/extweb/home.nsf/docid/61A657C13E328E98852574A3005DFB20 http://www.isaca.org/Content/ContentGroups/Journal1/20058/jpdf0505-Outsourcing-BA-Risk-Manage.pdf

  3. Why is Outsourcing Important • Expected 8.1% rise in outsourcing worldwide in 2008 http://www.tmcnet.com/channels/call-center-jobs/articles/18420-gartner-worldwide-outsourcing-market-grow-81-percent-2008.htm http://www.pwc.com/extweb/home.nsf/docid/61A657C13E328E98852574A3005DFB20 http://www.isaca.org/Content/ContentGroups/Journal1/20058/jpdf0505-Outsourcing-BA-Risk-Manage.pdf

  4. Why is Outsourcing Important • Expected 8.1% rise in outsourcing worldwide in 2008 • In 2007, IT work was the number 1 outsourced service http://www.tmcnet.com/channels/call-center-jobs/articles/18420-gartner-worldwide-outsourcing-market-grow-81-percent-2008.htm http://www.pwc.com/extweb/home.nsf/docid/61A657C13E328E98852574A3005DFB20 http://www.isaca.org/Content/ContentGroups/Journal1/20058/jpdf0505-Outsourcing-BA-Risk-Manage.pdf

  5. Why is Outsourcing Important • Expected 8.1% rise in outsourcing worldwide in 2008 • In 2007, IT work was the number 1 outsourced service • 75% of U.S. companies outsourced some type of IT activity in 2004 http://www.tmcnet.com/channels/call-center-jobs/articles/18420-gartner-worldwide-outsourcing-market-grow-81-percent-2008.htm http://www.pwc.com/extweb/home.nsf/docid/61A657C13E328E98852574A3005DFB20 http://www.isaca.org/Content/ContentGroups/Journal1/20058/jpdf0505-Outsourcing-BA-Risk-Manage.pdf

  6. Why Companies Outsource? • 29% - Cost or internal headcount needs to be reduced • 22% - Internal capacity is constrained by increasing market demand • 20 % - Internal manufacturing or service performance is insufficient • 19% - Strategic process • 6% - Regulatory, legal or environment • 4% - Internal capacity underutilized http://www.isaca.org/Content/ContentGroups/Journal1/20058/OutsourcingA_Risk_Management_Perspective1.htm

  7. Disadvantage of Outsourcing • Companies may not fully understand the actual work that is outsourced • This could affect cost and satisfaction with end product or service • PwC 2007 Global Outsourcing Survey found that less than one third of companies who outsourced were completely satisfied, but 91% said they would continue to outsource http://www.pwc.com/extweb/home.nsf/docid/7AD0D4EDCB1213178525749600662148

  8. Categories of Outsourced IT Activities • Software Development • Application Support & Maintenance • Infrastructure Management Services

  9. Audit of Outsourcing • The objective of an audit of outsourcing is to determine whether: • Risks associated with outsourcing are mitigated • Objectives of outsourcing are being met • IT strategy has been modified to make best use of outsourcing “Audit of Outsourcing” Anantha Sayana

  10. Risks of Outsourcing:Business Risks • Outsourcing undesirable functions versus the ones that will provide the greatest competitive advantage • Costs of outsourcing • Not having defined goals and objectives carried over to the service provider “Outsourcing Audit Program & Internal Control Questionnaire” – www.isaca.org

  11. Risks of Outsourcing:Business Risks • Contract improperly prepared or structured • Flexibility limitations in the future • Going concern “Outsourcing Audit Program & Internal Control Questionnaire” – www.isaca.org

  12. Risks of Outsourcing:SAS 70 • If third-party services directly impact financial reporting or internal control environment activities, a company’s management is now responsible for evaluating the design and effectiveness of the control structure

  13. Risks of Outsourcing:Offshoring • Political, socio-economic, or other factors may amplify outsourcing risks • Weak controls may affect customer privacy • Privacy regulations may not be as strict in some areas • Different laws and regulations • Language barriers “10 Things to Consider when Offshoring Operations” – Tejus Trivedi, CISA, CA

  14. Risks of Outsourcing:Security Risks • Network security issues • Customer data theft or misuse • Cyber crime • Inability to closely monitor security claims

  15. Auditing and Outsourcing • It is important for the auditor to be a part of the process if a client decides to outsource • Determining what should be outsourced and reasons for outsourcing • Various alternatives with respect to outsourcing • Key components of the contract • Performance expectations “Outsourcing Audit Program & Internal Control Questionnaire” – www.isaca.org

  16. ISACA Audit Guidelinesfor Outsourcing Document G4

  17. Audit Charter • Any outsourced services must be included in the scope of the audit charter • The audit charter should explicitly include the auditor’s right to: • Review the agreement between the service user and the service provider • Carry out necessary audit work regarding the outsourced function • Report findings, conclusions and recommendations to service user management “G4 Outsourcing of IS Activities to Other Organizations – ISACA IS Auditing Guideline – www.isaca.org

  18. Planning • Obtain an understanding of the nature, timing and extent of the outsourced services • Identify and assess risks associated with the outsourced services • Obtain an understanding of which controls are the responsibility of the service provider and which controls will remain the responsibility of the service user. “G4 Outsourcing of IS Activities to Other Organizations – ISACA IS Auditing Guideline – www.isaca.org

  19. Performance of Audit Work • Audit work should be performed as if the service was being provided in the service user’s own IS environment. • Auditor must consider contractual agreements and legal requirements • Auditor should review management of outsourced services • Auditor should consider restrictions on scope and report them to management “G4 Outsourcing of IS Activities to Other Organizations – ISACA IS Auditing Guideline – www.isaca.org

  20. Reporting • After completing the audit work, the auditor should provide an audit report to the service user • The service provider may receive a report from the service user if deemed necessary • The IS auditor should also consider including a statement excluding liability to third parties “G4 Outsourcing of IS Activities to Other Organizations – ISACA IS Auditing Guideline – www.isaca.org

  21. Follow-Up Activities • Request appropriate information from the service user and the service provider on previous relevant findings, conclusions and recommendations • Determine whether appropriate corrective actions have been implemented by the service provider in a timely manner. “G4 Outsourcing of IS Activities to Other Organizations – ISACA IS Auditing Guideline – www.isaca.org

  22. Why information is important?

  23. Why information is important? • The diffusion of technology and the commodification ofinformation transforms the role of information into a resourceequal in importance to the traditionally important resources of land, labor and capital.-Peter Drucker Information Security Governance pg. 7

  24. Why information security is important? • Protecting this information is vital to the business

  25. How do we protect this information? • Governance

  26. What effects do strong IS governance provide business? • Governance • Strategic alignment • Risk management • Resource management • Performance measurement • Value delivery Information Security Governance pgs. 11-12

  27. What does information security governance provide to companies?

  28. What does information security governance provide to companies? • Value

  29. What does information security governance provide to companies? • Value • Assurance

  30. What does information security governance provide to companies? • Value • Assurance • Predictability

  31. How does outsourcing affect information security governance?

  32. How does outsourcing affect information security governance? • Less oversight

  33. How does outsourcing affect information security governance? • Less oversight • More trust

  34. Where is IT outsourcing headed? • More prevalent • Total system outsourcing • Trend toward closer outsourcing • Nicaragua • Mexico • US http://www.outsourcing-journal.com/oct2008-nicaragua.html http://www.outsourcing-journal.com/oct2008-mexico.html http://www.outsourcing-journal.com/feb2008-adm.html

  35. Where is IT outsourcing headed? • Competitive • Better service • More flexibility • Lower cost

  36. Questions? http://www.outsourcing-journal.com/oct2008-china.html

More Related