Entities may partially or fully delegate some or all of its IT delivery and support activities to a Third Party Provider (TPP). IT activities that may be outsourced include IT functions such as, data center operations, IT security, and application maintenance. Usually, the responsibility for confirming outsourced activity compliance with contracts, agreements, laws as well as regulations resides with the entity. When a TPP is within the IT service delivery and support ambit, IT audit is accountable for determining whether adequate TPP controls exist and are functioning as intended.
“View Part I of the Auditing IT Service Delivery and Support series here“
Post Note: As of January 12, 2012, Robert E. Davis, MBA, CISA, CICA is a Master of Science in IT Auditing and Cyber-Security Program instructor at Temple University.