Organisations have traditionally seen outsourcing as a way to reduce costs and simultaneously increase their return on investment. Companies eager to leverage the cost benefits have shifted outsourcing from low-risk to high-end functions like IT services, Business Processing Outsourcing (BPO) and research services. Today outsourcing has become a key business strategy for enterprises that believe in devoting their resources to their key business operations.
Patrick Soenen wrote an article about the audit of outsourcing risks, in which for instance he covers the following subjects:
- Outsourcing can be a major risk to organisations in both the public and private sectors, due to uncertainties over cost, quality, security, management and delivery. However, risk cannot be outsourced.
- One specific form of outsourcing is cloud computing. Is cloud computing worth the risk?
- Auditing outsourcing is essential when managing outsourcing risks, for all outsourcers.
- The ‘right to audit’ clause is mandatory for all types of organisations.
- Does the GDPR impact the right to audit?
- How can audit support the board or the audit committee regarding outsourced services?