IT Auditing: IT Outsourcing

- Balancing Risk vs. Reward

About the Author

Michael Lapelosa
Michael Lapelosa, CISA

Michael Lapelosa, CISA, is a 25-year seasoned Internal Audit Professional with experience in financial services, state government and healthcare.

Michael’s responsibilities have included Internal Audit, Performance Appraisal, TQM, and Information Security.
Michael is a recipient of the prestigious "Tom Johnson Lifetime Achievement" award granted by the New York Chapter of The IIA.  He is very active with The IIA as both Past President of
the New York Chapter and a member of the Board of Governors.

He has served as a member of the
Executive Committee of the ISACA New York Chapter and a member of the ISACA Academic Relations Committee.
Michael is a frequent instructor and seminar leader for The Institute of Internal Auditors, USDA Graduate School, and the Foundation for Accounting Education (FAE) teaching various seminars including: 
Michael has published several articles including Internal Auditor Toolkit, Internal Auditing and the New Model Economy, Outsourcing Self Test, Auditing Factoring Companies, and Auditing at the Crossroads.

Michael is an Adjunct Professor at Baruch College teaching Accounting Information Systems and Internal Audit.  He was a driving force in developing the Internal Audit curriculum at Baruch College.

His electronic publications include "IT Auditing: The Basics",
"IT Auditing: New Systems", Modern Integrated Audit Approach” and “Internal Auditor Toolkit” digitalSeminarTM (a complete seminar including PowerPoint slides accompanied with a digital soundtrack) are available on CD-ROM for both individual and chapter use at

CD and computer

IT Auditing: IT Outsourcing

- Balancing Risk vs. Reward

Outsourcing Information Technology (IT) functions has gone from a specialized trend to an integral component of today’s modern business strategy.  If properly managed, the benefits derived from such an approach can be substantial, both from a cost and efficiency standpoint.

However, in the rush to eliminate costs from the financial statements, managing the transition, actually achieving measurable benefits, and understanding risks inherent in outsourcing IT functions continues to be a mysterious world. Coupled with the issues related to off-shoring IT activities, this complex process is fraught with error, risk, inadequate or non-existent control, and operational inefficiencies.

Finally, changes in the regulatory, legal and compliance landscape increase the difficulty in achieving superior performance and results in the company becoming overly reliant on the outsource vendor to process critical IT functions.

Michael’s latest electronic publication, “IT Auditing: Outsourcing - Balancing Risk vs. Reward” navigates the outsource / off-shore minefield by illustrating IT risks and controls that management needs to consider before, during, and after IT functions are migrated to an outsource vendor.  He regularly reminds the viewer that “You can outsource the function, but not the risk!” 

You can outsource the function,
but not the risk!

As an Audit Director and Information Technology Auditor with over 25 years experience in the profession, Michael Lapelosa grappled with issues related to outsourcing / off-shoring for such major companies as Mellon Bank; Cushman and Wakefield; and First Data Corporation. As a result, he is in a unique position to provide insight regarding pitfalls to avoid and critical success factors.

Throughout this digital product Michael shares a standardized approach that he has developed which provides the viewer with a presentation consisting of 82 information packed slides.  In addition, as usual, he has prepared an extensive audit work program that can be utilized “off the shelf” or customized as needed.

CD and computer


"IT Auditing: IT Outsourcing - Balancing Risk vs. Reward" PowerPoint Presentation

Click the link above to access the PowerPoint presentation. 
The 82-slide self-paced PowerPoint offers some excellent insights to the world of IT Outsourcing with an emphasis on opportunities for internal audit to add value in those areas.

The PowerPoint material highlights numerous insights to that topic including the following subjects:

Audit Opportunities to Add Value
Methodology & Objectives
Integrated Approach
Business Process
Audit Steps
Pitfalls to Avoid
Critical Success Factors

CD and computer

Audit Program

"IT Auditing: Outsourcing - Balancing Risk vs. Reward" Audit Program

Open in MS Word - print landscape on 81/2" x 11" paper

Open in MS Word - print landscape on 81/2" x 14" paper

Click a link above to access an actual 13-page audit program with over 100 audit steps is in MS Word format that follows and supplements the ideas presented in the PowerPoint presentation. 

The audit program can be used to help develop an approach to deploying IT Audit resource productively to the audit of "IT Outsourcing" or to modify your current approach.

Using this approach ensures the audit objectives of these audits since major controls are addressed in audit program with Work Paper Cross Reference.
This audit program addresses specific audit concerns in these important areas:
IT Governance and Oversight Framework
Vendor Selection and Contract Administration
Access Control
Physical Security
System Development
System Maintenance

Other Resources

If you like the quality of this product please check for additional resources.

Order Online

Please tell other Audit Professionals during your sharing about these resources.

Thank you.

Pleier Corporation