Scribd
Upload
45 views23 pages

IT Outsourcing: Risks and Benefits

The document discusses IT outsourcing and the risks and benefits. It outlines different types of IT assets that may be outsourced, including commodity and specific assets. Commodity assets can easily be outsourced while specific assets are unique to an organization and pose more risk if outsourced. The document also discusses cloud computing models and the risks of outsourcing like security issues and loss of strategic advantage.

Uploaded by

ssfsds
Copyright
© All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
45 views23 pages

IT Outsourcing: Risks and Benefits

The document discusses IT outsourcing and the risks and benefits. It outlines different types of IT assets that may be outsourced, including commodity and specific assets. Commodity assets can easily be outsourced while specific assets are unique to an organization and pose more risk if outsourced. The document also discusses cloud computing models and the risks of outsourcing like security issues and loss of strategic advantage.

Uploaded by

ssfsds
Copyright
© All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

Auditing IT Governance

Controls
Laurinaria Beverly
L a t a g a n J h a n i n e
Pasano Angelica Jean

Group 5
OUTSOURCING THE IT
FUNCTION
● The costs, risks, and responsibilities associated with maintaining an
effective corporate IT function are significant. Many executives have
therefore opted to outsource their IT function to third-party vendors who
take over responsibility for the management of IT assets and staff and for
delivery of IT services, such as data entry, data center operations,
applications development, applications maintenance, and network
management.
BENEFITS OF IT
OUTSOURCING
Improved core Improved IT
business performance
performance

Reduced IT costs
LOGIC UNDERLYING
IT OUTSOURCING
● Follows from core competency theory, which argues that an
organization should focus exclusively on its core business
competencies.
● This premise, however, ignores an important distinction between
commodity and specific IT assets.
COMMODITY IT
ASSETS
● COMMODITY IT ASSETS ARE NOT
UNIQUE TO A PARTICULAR
ORGANIZATION AND ARE THUS EASILY
ACQUIRED IN THE MARKETPLACE. THESE
INCLUDE SUCH THINGS AS NETWORK
MANAGEMENT, SYSTEMS OPERATIONS,
SERVER MAINTENANCE, AND HELP-DESK
FUNCTIONS.
SPECIFIC IT ASSETS
are unique to the organization and support its
strategic objectives. Specific assets have little value
outside their current use. Such assets may be
tangible (computer equipment), intellectual
(computer programs), or human. Examples include
systems development, application maintenance, data
warehousing, and highly skilled employees trained to
use organization specific software.
TRANSACTION COST ECONOMICS
(TCE) THEORY
is in conflict with the core competency theory
school by suggesting that firms should retain
certain specific non-core IT assets in-house.
Specific assets cannot be easily replaced once
they are given up in an outsourcing arrangement.
CLOUD COMPUTING
variant of IT outsourcing, called cloud
computing, is location-independent computing
whereby shared data centers deliver hosted
IT service over the internet.
3 PRIMARY CLASSES

S OFTWARE-AS-A-SERVICE
I NFRASTRUCTURE-AS-A-SERVICE
P LATFORM-AS-A-SERVICE
S OFTWARE-AS-A-SERVICE

Software distribution model in which service


providers host applications for client
organizations over a private network or the
Internet.

I NFRASTRUCTURE-AS-A-SERVICE

Provision of computing power


and disk space to client firms
who access it from desktop
PCs.

P LATFORM-AS-A-SERVICE

Enables client firms to develop and


deploy onto the cloud infrastructure
consumer generated applications using
facilities
VIRTUALIZATION

● The technology that has unleashed cloud computing.


● Multiplies the effectiveness of the physical system
by creating virtual (software) versions of the
computer with separate operation systems that reside
in the same physical equipment.
VIRTUALIZATION: 2 OTHERS AREAS
OF IT

Network Virtualization Storage Virtualization


Increases effective network bandwidth by Pooling of physical storage from
dividing it into independent channels, multiple network storage devices into
which are then assigned to separate what appears to be a single virtual
virtual computers. device.
RISKS INHERENT TO IT
OUTSOURCING
Failure to perform

Vendor exploitation Reduced security

Outsourcing costs Loss of strategic


exceed benefits advantage
FAILURE TO PERFORM
Once a client firm has outsourced
specific IT assets, its performance
becomes linked to the vendor's
performance.
VENDOR EXPLOITATION
Large-scale IT outsourcing involves transferring to a vendor
“specific assets”. Once the client has divested itself of
such specific assets it becomes dependent on the vendor.
The vendor may exploit this dependency by raising service
rates to an exorbitant level. As the client's IT needs
develop over time beyond the original contract terms, it
runs the risk that new or incremental services will be
negotiated at a premium.
OUTSOURCING COSTS EXCEED
BENEFITS
Outsourcing clients often fail to anticipate
the costs of vendor selection, contracting,
and the transitioning of IT operations to
the vendors.
REDUCED SECURITY

Information outsourced to offshore IT


vendors raises unique and serious questions
regarding internal control and the
protection of sensitive personal data (e.g.,
medical records).
LOSS OF STRATEGIC ADVANTAGE
Organizations that use IT strategically must
align business strategy and IT strategy or run
the risk of decreased business performance.
The vendor is naturally driven to toward seeking
common solutions that may be used by many
clients rather than creating unique solutions for
each of them.
AUDIT IMPLICATIONS OF IT
OUTSOURCING
● The use of a service organization does not reduce
management's responsibility to maintain effective internal
control over financial reporting.
● Therefore, if an audit client firm outsource its IT function
to a vendor that processes its transactions, hosts key data, or
performs other significant services, the auditor will need to
conduct an evaluation of the vendor organization's controls.
CLIENT 1 CLIENT
T
SSAE 16 REPORT
OR AUDITOR A
REP
16
SAE
S

16 REPORT CLIENT 2 CLIENT


SSAE
SSAE 16 REPORT AUDITOR B
OUTSOURCING
VENDOR
SSAE 16 R
EPORT
CLIENT
CLIENT 3 SSAE 16 REPORT
LS
TRO

SS AUDITOR C
RT
CON

AE
EPO

16
6R

RE
IEW

PO
E1

RT
REV

SSA

CLIENT
VENDOR
CLIENT 4 SSAE 16 REPORT AUDITOR D
AUDITOR
THANK YOU
FOR WATCHING

You might also like