Our IT Vendor Management Audit Work Program is designed to help organizations audit and manage their IT vendor relationships effectively. It includes detailed methodologies for assessing the policies, processes and controls related to outsourcing IT services. The program focuses on evaluating risk management strategies, vendor selection procedures, contract compliance and ongoing vendor performance. This ensures that companies can maintain robust oversight and mitigate risks associated with IT outsourcing.

Included within the document are two samples of audit work programs, each tailored to guide users through the initial planning stages, execution and review of IT vendor management practices. These samples outline steps for engaging with IT management to understand service scopes, identify potential risks and set comprehensive audit scopes. They serve as practical templates that organizations can adapt to fit their specific operational needs, enhancing their ability to oversee and control IT vendor engagements effectively.

Audit steps include:

• Understand management’s perspective on areas of risk within the process and rationale for including them in the audit plan.
• Establish the preliminary scope and depth/breadth of the review.
• Schedule planning/scoping meetings with IT management to understand the full scope of outsourced products/services.
• Schedule closing meetings with the auditee to discuss analysis, results and reporting timelines.