IT Auditing: IT Outsourcing
- Balancing Risk vs. Reward
About the
Author
Michael
Lapelosa, CISA
Michael’s responsibilities have included Internal Audit, Performance Appraisal, TQM, and Information Security.
Michael is a recipient of the prestigious "Tom Johnson Lifetime Achievement" award granted by the New York Chapter of The IIA. He is very active with The IIA as both Past President of the New York Chapter and a member of the Board of Governors.
He has served as a member of the Executive Committee of the ISACA New York Chapter and a member of the ISACA Academic Relations Committee.
Michael is a frequent instructor and seminar leader for The Institute of Internal Auditors, USDA Graduate School, and the Foundation for Accounting Education (FAE) teaching various seminars including:
- Internal Auditor’s Toolkit
- Integrated Auditing
- Internal Auditors Best Practices
- Internal Auditors Standards and Quality Assurance
- Computer Fraud
- CISA Review Course
- Risk Assessment
- COSO Self Assessment
- EDP Auditing
- Auditing a Paperless Environment
- Auditing for Fraud: A Proactive Approach
- Auditing Local Area Networks
- SDLC Auditing: Hitting the Hot Spots
- Effective
Audit Testing
Michael is an Adjunct Professor at Baruch College teaching Accounting Information Systems and Internal Audit. He was a driving force in developing the Internal Audit curriculum at Baruch College.
His electronic publications include "IT Auditing: The Basics", "IT Auditing: New Systems", “Modern Integrated Audit Approach” and “Internal Auditor Toolkit” digitalSeminarTM (a complete seminar including PowerPoint slides accompanied with a digital soundtrack) are available on CD-ROM for both individual and chapter use at http://www.pleier.com.
IT Auditing: IT
Outsourcing
- Balancing Risk vs. Reward
Outsourcing Information Technology (IT) functions has gone from a specialized trend to an integral component of today’s modern business strategy. If properly managed, the benefits derived from such an approach can be substantial, both from a cost and efficiency standpoint.
However, in the rush to eliminate costs from the financial statements, managing the transition, actually achieving measurable benefits, and understanding risks inherent in outsourcing IT functions continues to be a mysterious world. Coupled with the issues related to off-shoring IT activities, this complex process is fraught with error, risk, inadequate or non-existent control, and operational inefficiencies.
Finally, changes in the regulatory, legal and compliance landscape increase the difficulty in achieving superior performance and results in the company becoming overly reliant on the outsource vendor to process critical IT functions.
Michael’s latest electronic publication, “IT Auditing: Outsourcing - Balancing Risk vs. Reward” navigates the outsource / off-shore minefield by illustrating IT risks and controls that management needs to consider before, during, and after IT functions are migrated to an outsource vendor. He regularly reminds the viewer that “You can outsource the function, but not the risk!”
You can outsource the
function,
but not the risk!
but not the risk!
As an Audit Director and Information Technology Auditor with over 25 years experience in the profession, Michael Lapelosa grappled with issues related to outsourcing / off-shoring for such major companies as Mellon Bank; Cushman and Wakefield; and First Data Corporation. As a result, he is in a unique position to provide insight regarding pitfalls to avoid and critical success factors.
Throughout this digital product Michael shares a standardized approach that he has developed which provides the viewer with a presentation consisting of 82 information packed slides. In addition, as usual, he has prepared an extensive audit work program that can be utilized “off the shelf” or customized as needed.
Presentation
"IT Auditing: IT Outsourcing - Balancing Risk vs. Reward" PowerPoint Presentation
Click the link above to access the PowerPoint presentation.The 82-slide self-paced PowerPoint offers some excellent insights to the world of IT Outsourcing with an emphasis on opportunities for internal audit to add value in those areas.
The PowerPoint material highlights numerous insights to that topic including the following subjects:
Introduction
Audit Opportunities to Add Value
Methodology & Objectives
Integrated Approach
Business Process
Audit Steps
Benefits
Pitfalls to Avoid
Critical Success Factors
Audit Opportunities to Add Value
Methodology & Objectives
Integrated Approach
Business Process
Audit Steps
Benefits
Pitfalls to Avoid
Critical Success Factors
Audit
Program
"IT Auditing: Outsourcing - Balancing Risk vs. Reward" Audit Program
Open in MS Word - print landscape on 81/2" x 11" paperOpen in MS Word - print landscape on 81/2" x 14" paper
Click a link above to access an actual 13-page audit program with over 100 audit steps is in MS Word format that follows and supplements the ideas presented in the PowerPoint presentation.
The audit program can be used to help develop an approach to deploying IT Audit resource productively to the audit of "IT Outsourcing" or to modify your current approach.
Using this approach ensures the audit objectives of these audits since major controls are addressed in audit program with Work Paper Cross Reference.
This audit program addresses specific audit concerns in these important areas:
IT
Governance and Oversight Framework
Vendor Selection and Contract Administration
Migration
Operation
Access Control
Physical Security
Personnel
System Development
System Maintenance
Vendor Selection and Contract Administration
Migration
Operation
Access Control
Physical Security
Personnel
System Development
System Maintenance
Other
Resources
If you like the quality of this product please check http://www.pleier.com for additional resources.
Please tell other Audit Professionals during your sharing about these resources.
Thank you.
President
Pleier Corporation