Skip Ribbon Commands
Skip to main content
Sign In
The Institute of Internal Auditors North AmericaBreadcrumb SeparatorTraining and EventsBreadcrumb SeparatorCoursesBreadcrumb SeparatorAuditing IT Outsourcing
Course Description Course Outline Bring Us On Site  

Auditing IT Outsourcing

Course Description

Print-friendly Course Description and Outline

Most organizations have adopted some form of IT outsourcing, including outsourcing IT operations, application maintenance, systems development, applications services, information security, or networking.​

The process and results are fraught with risks, but also have rewards. As an auditor, it is essential to understand the life cycle of an outsourcing project, from initial due diligence to implementation and the ongoing operational issues after implementation. The decision to outsource and the ultimate execution of the outsourcing effects the audit universe, particularly with regard to compliance (e.g. SOX) and processes affecting the business.​

In this course, which is designed for internal audit professionals responsible for evaluating the controls and processes during an outsourced project and as current-state outsource operation, we will discuss the:​

  • Business of outsourcing.
  • Outsourcing project life cycle.
  • Effect on the audit universe.
  • Audit focus of ongoing IT outsourced activities.​​​​​​​
Course Duration: 1 day(s)
CPE Hours Available: 7
Knowledge Level: Intermediate
Field of Study: Auditing

Participants should have an understanding of information systems general IT controls, project management processes, SAS 70 third party reviews, and contract management.​​

Advance Preparation: 


Delivery Format: On-site Training (Group-Live)

Audit Evidence

  • Why evidence is important
  • Different types of evidence
  • Methods to gather evidence
  • Best types of evidence
  • Determine and review audit evidence that is appropriate, sufficient, and persuasive to support audit conclusions — examples provided

Understanding Outsourcing

  • Outsourcing concepts/terms
  • Outsourced processes
  • Motivation to outsource
  • Vendor’s motivation

Outsourcing Risks

  • Company risks
  • Vendor risks

IT Outsource Life Cycle

  • Audit objectives at each phase of life cycle
  • Controls at each phase
  • Audit involvement at each phase

Ongoing Outsourcing Governance

  • The effect on the audit universe
  • Overcoming compliance issues
  • Planning the general controls review
  • Planning applications review
  • Reliance on SSAE16s (SAS70) and alternatives to fill-in the gaps
  • Relationship management
  • Auditability

​Most courses can be delivered through on-site training. You might be surprised that the organization leading the profession is just as committed to the delivery of affordable training.

Contact us by calling +1-407-937-1388 or send an e-mail to​