Posted by: Robert Davis
Certified Information Systems Auditor, Certified Information Technology Professional, Certified Internal Auditor, Certified Internal Controls Auditor, Certified Public Accountant, Infrastructure, IT Audit, Life Cycle Management, SDLC, Systems
Entities may partially or fully delegate some or all of its IT asset development to a third party processor (TPP). Whereby, IT resources that may be outsourced include: infrastructure, platforms, and applications. Usually, the responsibility for confirming outsourced activity compliance with contracts, agreements, laws as well as regulations resides with the entity. When a TPP is within the SILCM ambit, IT audit is accountable for determining whether the TPP is in compliance with the contracted service’s terms of reference (TOR).
“View Part I of the Auditing Systems and Infrastructure Life Cycle Management series here“