Entities may partially or fully delegate some or all of its IT asset development to a third party processor (TPP). Whereby, IT resources that may be outsourced include: infrastructure, platforms, and applications. Usually, the responsibility for confirming outsourced activity compliance with contracts, agreements, laws as well as regulations resides with the entity. When a TPP is within the SILCM ambit, IT audit is accountable for determining whether the TPP is in compliance with the contracted service’s terms of reference (TOR).
“View Part I of the Auditing Systems and Infrastructure Life Cycle Management series here“