Scribd Logo
Загрузить

Добро пожаловать в Scribd!

  • 05 Auditing It Governance Controls 4 PDF

    Загружено:

    keziah guillermo
    24 просмотров14 страниц

    Оригинальное название

    05 auditing it governance controls 4.pdf

    Авторское право

    © © All Rights Reserved

    Доступные форматы

    PDF, TXT или читайте онлайн в Scribd

    Этот документ был вам полезен?

    Это неприемлемый материал?

    Пожаловаться на этот документ

    Авторское право:

    © All Rights Reserved
    Скачайте в формате PDF, TXT или читайте онлайн в Scribd
    Отметить как неприемлемый контент
    24 просмотров14 страниц

    05 Auditing It Governance Controls 4 PDF

    Загружено:

    keziah guillermo

    Авторское право:

    © All Rights Reserved
    Скачайте в формате PDF, TXT или читайте онлайн в Scribd
    Отметить как неприемлемый контент
    из 14

    Auditing IT Governance Controls

    Outsourcing the IT Function


    Introduction
    ● The costs, risks, and responsibilities
    associated with maintaining an effective
    corporate IT function are significant. Many
    executives have therefore opted to outsource
    their IT function to third-party vendors who take
    over responsibility for the management of IT
    assets and staff and for delivery of IT services,
    such as data entry, data center operations,
    applications development, applications
    maintenance, and network management.
    Outsourcing the IT Function
    Benefits of IT outsourcing
    ● Improved core business performance
    ● Improved IT performance
    ● Reduced IT costs
    Outsourcing the IT Function
    Logic underlying IT outsourcing
    ● Follows from core competency theory, which
    argues that an organization should focus
    exclusively on its core business competencies.
    ● This premise, however, ignores an important
    distinction between commodity and specific IT
    assets.
    Outsourcing the IT Function
    Logic underlying IT outsourcing
    ● Commodity IT assets are not unique to a
    particular organization and are thus easily
    acquired in the marketplace. These include
    such things as network management, systems
    operations, server maintenance, and help-desk
    functions.
    Outsourcing the IT Function
    Logic underlying IT outsourcing
    ● Specific IT assets are unique to the
    organization and support its strategic
    objectives. Specific assets have little value
    outside their current use. Such assets may be
    tangible (computer equipment), intellectual
    (computer programs), or human. Examples
    include systems development, application
    maintenance, data warehousing, and highly
    skilled employees trained to use organization-
    specific software.
    Outsourcing the IT Function
    Logic underlying IT outsourcing
    ● Transaction Cost Economics (TCE) theory,
    is in conflict with the core competency theory
    school by suggesting that firms should retain
    certain specific non-core IT assets in-house.
    Specific assets cannot be easily replaced once
    they are given up in an outsourcing
    arrangement.
    Outsourcing the IT Function
    Risks Inherent to IT Outsourcing
    1.Failure to perform
    2.Vendor exploitation
    3.Outsourcing costs exceed benefits
    4.Reduced security
    5.Loss of strategic advantage
    Outsourcing the IT Function
    Risks Inherent to IT Outsourcing
    1.Failure to perform
    Once a client firm has outsourced specific IT
    assets, its performance becomes linked to the
    vendor's performance.
    Outsourcing the IT Function
    Risks Inherent to IT Outsourcing
    2.Vendor exploitation
    Large-scale IT outsourcing involves transferring to
    a vendor “specific assets”. Once the client has
    divested itself of such specific assets it becomes
    dependent on the vendor. The vendor may
    exploit this dependency by raising service rates
    to an exorbitant level. As the client's IT needs
    develop over time beyond the original contract
    terms, it runs the risk that new or incremental
    services will be negotiated at a premium.
    Outsourcing the IT Function
    Risks Inherent to IT Outsourcing
    3.Outsourcing costs exceed benefits
    Outsourcing clients often fail to anticipate the costs
    of vendor selection, contracting, and the
    transitioning of IT operations to the vendors.
    Outsourcing the IT Function
    Risks Inherent to IT Outsourcing
    4.Reduced security
    Information outsourced to offshore IT vendors
    raises unique and serious questions regarding
    internal control and the protection of sensitive
    personal data (e.g., medical records).
    Outsourcing the IT Function
    Risks Inherent to IT Outsourcing
    5.Loss of strategic advantage
    Organizations that use IT strategically must align
    business strategy and IT strategy or run the risk
    of decreased business performance.
    The vendor is naturally driven to toward seeking
    common solutions that may be used by many
    clients rather than creating unique solutions for
    each of them.
    Outsourcing the IT Function
    Audit Implications of IT Outsourcing
    ● The use of a service organization does not
    reduce management's responsibility to maintain
    effective internal control over financial reporting.
    ● Therefore, if an audit client firm outsource its IT
    function to a vendor that processes its
    transactions, hosts key data, or performs other
    significant services, the auditor will need to
    conduct an evaluation of the vendor
    organization's controls.

    Вам также может понравиться