16. Each successful initiative begins with a careful consideration of the business case, which specifies the investment schedule and the expected business benefits in terms of cost reduction and maximized work efficiency over a six- to twelve-month period. A well-constructed business case also indicates how the identified benefits are to be accomplished through a careful alignment of vendor selection, an established transition and process improvement approach, and the use of risk and security solutions. This slide shows a typical IT/ITES outsourcing life cycle, which includes alignment, feasibility, transaction, transition, optimization/transformation, and termination/renegotiation phases. Outsourcing lifecycle www.zietasolutions.in (Copyright Right's Reserved)
17. Here are some examples of risks related to IT outsourcing. IT Outsourcing Risks
23. Define well-integrated IT management processes for the client and service provider. Key Control Considerations – Client Operations
24.
25. Data protection, privacy, and intellectual property
39. Delivering the business case – realizing the benefits. Key Control Considerations – Client Operations
47. HR policies and procedures. Key Control Considerations – Service Provider Operations
48. Are the services outsourced significant to the client? Does the client have a well-defined outsourcing strategy? What is the governance structure relating to outsourced operations? Are roles and responsibilities clearly defined? Was a detailed risk analysis performed at the time of outsourcing, and is a regular risk analysis being done? Do formal contracts or SLAs exist for the outsourced activities? Top 10 questions CAE should ask
49. Does the SLA clearly define KPIs for monitoring vendor performance? How is compliance with the contract or SLA monitored? What is the mechanism used to address noncompliance with the SLA? Are the responsibilities of the ownership of data, system, communication system, operating system, utility software, and application software clearly defined and agreed upon with the service provider? What is the process of gaining assurance on the operating effectiveness of the internal controls at the service provider’s end? Top 10 questions CAE should ask