Point to remember for CISA Exam: Outsourcing
(1)In any given scenario, out of all the options, most desirable option has to be ‘to have written agreement with outsourcing vendors’. First and most important priority should be given to written agreement for outsourcing contract.
Following clauses are must in any outsourcing contracts from IS auditor point of view:
-clause with respect to ownership of intellectual property rights
-clause with respect to data confidentiality and privacy.
-clause with respect to BCP & DRP.
-clause with respect to right to audit.
(2)In any given scenario, two main advantage of outsourcing in their preferential order are:
-Expert service can be obtained from outside (so organisation can concentrate on its core business)
-Cost Saving.
(3)In any given scenario, no organisation can outsourced or transfer its accountability. Even if any process has been outsourced, final accountability lies with the organization.