1. Outsourcing Function Flashcards
In-sourced
Activity performed by the organization’s staff
Outsourced
Activity performed by vendor’s staff
Hybrid
Activity performed jointly by organization’s staff & vendor’s staff
Onsite
Staff works onsite in IT department
Offsite
Staff works from remote location in same geographical area. Also known as near-shore
Offshore
Staff works from remote location from different geographical area.
When functions should not be outsourced
1- In case of core functions of the organization
2-If function requires specific knowledge, processes and critical staffs that cannot be replicated externally or in another location.
3-In case of contractual or regulatory restrictions preventing outsourcing.
4-Accountability
When can functions be outsourced
1-If it can be performed with the same quality (or higher quality ) with same price (or lower price) by another party without increasing risk.
2- If Organization has sufficient experience of managing third parties performing on behalf of
organization
Steps for Outsourcing
1-Define the function to be outsources
2-Define Service Level requirements
3-Know the current In-house cost to be compared with bids.
3-Conduct due diligence of service providers,
4-Confirm contractual or regulatory requirements for outsourcing.
What is outsourcing
A convenient way to transfer some operations to an external organization, thereby allowing the outsourcing organization to be more agile to improve focus on core competencies.
Risk Reduction options for outsourcing
·1. Service level Agreement to contain measurable performance requirements.
2· Escrow arrangement for propriety software.
3· Use of multiple suppliers to reduce risk of dependency.
4· Periodic performance review.
5· Establishing cross-functional contract management team.
6· Establishing necessary controls for foreseen contingencies.
Provisions in Outsourcing Contracts
Service level Agreement should serve as instrument for control
Clauses in the SLA
1· Service level Agreement to contain measurable performance requirements.
2· Confidentiality agreements protecting both the parties.
3· ‘Right to Audit’ clause.
4· Business Continuity & Disaster Recovery Provisions.
5· Protecting Intellectual Property Rights.
6· Requirements for confidentiality, Integrity & Availability (CIA) of resources/systems/data.
Role of IS Auditor-Monitoring of Outsourced Activities:
1· Regular review of contracts and service levels.
2· Review of outsources documented procedures and outcome of their quality programs.
3· Regular audits to certify that the process and procedures meet the quality standards.
