AA30 ● Auditing outsourcing strategy and risks I Insight sign𝒾𝓃sight

The outsourcing of certain business processes has become unavoidable in today's information society. Specialised IT companies are often better equipped to provide you with specific digital services, as well as to manage and secure your data and that of your customers. Nevertheless, as a company, you remain accountable. So it is important to minimise the risks of outsourcing. You must be able to evaluate the quality of the service provided by the external party. Only in this way can you expertly manage outsourced activities.


  • Understand outsourcing activities (IT and non-IT)
  • Assess risks relating to outsourced activities
  • Identify the required controls
  • Learn about the Assurance Engagements on Third-party Service Organisations
  • Become familiar with practices to audit outsourced activities (IT and non-IT)
  • Get practical experience based on a case studies


This course gives you a thorough knowledge of all outsourcing risks and how you can manage and reduce them to an acceptable level. You can apply control measures and auditing techniques to outsourced business processes and the organisations to which you are subcontracted. In this way, your business will always remain in control. Our training is based on practical cases.

  • Outsourcing definition
  • Outsourcing life cycle
  • Outsourcing governance (organization, roles and responsibilities, processes)
  • Outsourcing risks and impact
  • Key outsourcing controls
  • Assurance engagements on third-party service organizations: SAS70, ISAE3402, SysTrust
  • Internal audit considerations
  • IT outsourcing and types of IT outsourcing
  • IT control frameworks (CobiT, ITIL, ISO 27001)
  • Outsourcing case

Target audience

  • Internal auditors with experience in operational environments;
  • IT/IS Auditors;
  • Auditors with practical IT audit experience;
  • Auditors involved in auditing outsourced activities;
  • Business management and business owners, responsible for outsourcing activities;
  • Any person involved with outsourcing;
  • Information security and IT experts;
  • Quality professionalsChief Executives,


Participants should have a basic audit and/or outsourcing experience.


Patrick Soenen, professional in risk management, audit and IT.

Training duration

The standard training lasts 2 day and can of course be adapted to your requirements.


Have a look at our training calendar for the next training dates

General information

  • Continuing Professional Education: 14 CPE hours.
  • Course level : This course corresponds to level 2 "Understanding" on the 6 level scale of Bloom's taxonomy, a hierarchy used to classify educational levels.
  • References: IIA Belgium, Belgian Railways.
  • We can coach your staff in auditing outsourcing risks and strategy.
  • We would welcome the opportunity to make you a tailored offer.


Back to overview