IT Auditing: IT Outsourcing

- Balancing Risk vs. Reward

Michael Lapelosa, CISA

Michael Lapelosa, CISA, is a 25-year seasoned Internal Audit Professional with experience in financial services, state government and healthcare.

Michael’s responsibilities have included Internal Audit, Performance Appraisal, TQM, and Information Security.
 
Michael is a recipient of the prestigious "Tom Johnson Lifetime Achievement" award granted by the New York Chapter of The IIA.  He is very active with The IIA as both Past President of the New York Chapter and a member of the Board of Governors.

He has served as a member of the Executive Committee of the ISACA New York Chapter and a member of the ISACA Academic Relations Committee.
 
Michael is a frequent instructor and seminar leader for The Institute of Internal Auditors, USDA Graduate School, and the Foundation for Accounting Education (FAE) teaching various seminars including: 

• Internal Auditor’s Toolkit
• Integrated Auditing
• Internal Auditors Best Practices
• Internal Auditors Standards and Quality Assurance
• Computer Fraud
• CISA Review Course
• Risk Assessment
• COSO Self Assessment
• EDP Auditing
• Auditing a Paperless Environment
• Auditing for Fraud: A Proactive Approach
• Auditing Local Area Networks
• SDLC Auditing: Hitting the Hot Spots
• Effective Audit Testing
  

Michael has published several articles including Internal Auditor Toolkit, Internal Auditing and the New Model Economy, Outsourcing Self Test, Auditing Factoring Companies, and Auditing at the Crossroads.

Michael is an Adjunct Professor at Baruch College teaching Accounting Information Systems and Internal Audit.  He was a driving force in developing the Internal Audit curriculum at Baruch College.

His electronic publications include "IT Auditing: The Basics", "IT Auditing: New Systems", “Modern Integrated Audit Approach” and “Internal Auditor Toolkit” digitalSeminar^TM (a complete seminar including PowerPoint slides accompanied with a digital soundtrack) are available on CD-ROM for both individual and chapter use at http://www.pleier.com.



Outsourcing Information Technology (IT) functions has gone from a specialized trend to an integral component of today’s modern business strategy.  If properly managed, the benefits derived from such an approach can be substantial, both from a cost and efficiency standpoint.

However, in the rush to eliminate costs from the financial statements, managing the transition, actually achieving measurable benefits, and understanding risks inherent in outsourcing IT functions continues to be a mysterious world. Coupled with the issues related to off-shoring IT activities, this complex process is fraught with error, risk, inadequate or non-existent control, and operational inefficiencies.

Finally, changes in the regulatory, legal and compliance landscape increase the difficulty in achieving superior performance and results in the company becoming overly reliant on the outsource vendor to process critical IT functions.

Michael’s latest electronic publication, “IT Auditing: Outsourcing - Balancing Risk vs. Reward” navigates the outsource / off-shore minefield by illustrating IT risks and controls that management needs to consider before, during, and after IT functions are migrated to an outsource vendor.  He regularly reminds the viewer that “You can outsource the function, but not the risk!” 


As an Audit Director and Information Technology Auditor with over 25 years experience in the profession, Michael Lapelosa grappled with issues related to outsourcing / off-shoring for such major companies as Mellon Bank; Cushman and Wakefield; and First Data Corporation. As a result, he is in a unique position to provide insight regarding pitfalls to avoid and critical success factors.

Throughout this digital product Michael shares a standardized approach that he has developed which provides the viewer with a presentation consisting of 82 information packed slides.  In addition, as usual, he has prepared an extensive audit work program that can be utilized “off the shelf” or customized as needed.

Presentation

"IT Auditing: IT Outsourcing - Balancing Risk vs. Reward" PowerPoint Presentation

Click the link above to access the PowerPoint presentation. 
 
The 82-slide self-paced PowerPoint offers some excellent insights to the world of IT Outsourcing with an emphasis on opportunities for internal audit to add value in those areas.

The PowerPoint material highlights numerous insights to that topic including the following subjects:

Introduction
Audit Opportunities to Add Value
Methodology & Objectives
Integrated Approach
Business Process
Audit Steps
Benefits
Pitfalls to Avoid
Critical Success Factors

Audit Program

"IT Auditing: Outsourcing - Balancing Risk vs. Reward" Audit Program

Open in MS Word - print landscape on 81/2" x 11" paper

Open in MS Word - print landscape on 81/2" x 14" paper

Click a link above to access an actual 13-page audit program with over 100 audit steps is in MS Word format that follows and supplements the ideas presented in the PowerPoint presentation. 

The audit program can be used to help develop an approach to deploying IT Audit resource productively to the audit of "IT Outsourcing" or to modify your current approach.

Using this approach ensures the audit objectives of these audits since major controls are addressed in audit program with Work Paper Cross Reference.
 
This audit program addresses specific audit concerns in these important areas:
   

IT Governance and Oversight Framework
Vendor Selection and Contract Administration
Migration
Operation
Access Control
Physical Security
Personnel
System Development
System Maintenance

Other Resources

If you like the quality of this CD-ROM publication check http://www.pleier.com for additional resources. 
 
Current Publications - Click the link to preview:

• 21st Century Audit Management “Opportunities and Challenges“ by a number of contributing authors

• A Practitioner's Guide to Corruption Auditing by Muhammad Akram Khan

• A Practitioners Guide to Performance Auditing by Muhammad Akram Khan

• Achieving Auditor Excellence by David McNamee

• Auditing Fraud - Complete Publications, Threat Scenarios, Purchasing & Contracts Fraud by David McNamee

• Auditing IT Infrastructures by Alan Oliphant

• Auditing Purchasing and Contracts by David McNamee

• Control Self Assessment by David McNamee

• Exceeding Expectations by John D. Tongren

• Internal Auditing: Basics & Best Practices by David McNamee

• IT Auditing: An Adaptive Process by Robert E. Davis

• IT Auditing: Information Assets Protection by Robert E. Davis
  

• IT Auditing: Irregular and Illegal Acts by Robert E. Davis

• IT Auditing: IT Governance  by Robert E. Davis

• IT Auditing: IT Service Delivery and Support  by Robert E. Davis

• IT Auditing: The Basics by Michael Lapelosa

• IT Auditing: The Process by Robert E. Davis
  

• Internal Auditor Toolkit by Michael Lapelosa

• McKeever CCSA Study System by John J. McKeever

• Modern Integrated Audit Approach by Michael Lapelosa

• Operational Auditing: Adding Value to Organizations by John D. Tongren
  

• Risk Management - Best Practice, Case Studies, and Related Material by a number of contributing authors

• Risk Management and Risk Assessment by David McNamee

• Transitioning from Internal Audit to Internal Assurance
  

Print Order Form - PDF

Print Order Form - Word Document

Order Online

Thank you for purchasing a copy of the "IT Auditing: IT Outsourcing - Balancing Risk vs. Reward".