Abstract
The paper analyzes the level of Information Technology (IT) and the quality of IT Controls (ITC) in outsourcing. We collected data through a questionnaire sent to a sample of Italian listed companies and performed robustness tests. Our results show that in Italy: (1) IT in outsourcing is widespread; (2) ITC in outsourcing complies with USA frameworks. ITC mainly follow the Statement of Auditing Standard No. 70 (SAS 70) Report Types 1 and 2. Concerns about quality are related to the absence of a direct evaluation in outsourcer location and the absence of audit provisions.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Altinkemer, K., Chaturvedi, A., Gulati, R.: Information systems outsourcing: issues and evidence. Int. J. Inf. Manag. 14(4), 252–278 (1994)
Loh, L., Venkatraman, N.: Determinants of information technology outsourcing: a cross-sectional analysis. J. Manag. Inf. Syst. 9(1), 7–24 (1992)
Hall, J.A., Liedtka, S.L.: Financial performance, CEO compensation, and large-scale information technology outsourcing decisions. J. Manag. Inf. Syst. 22(1), 193–221 (2005)
Cannon, D.M., Growe, G.A.: How does Sarbanes-Oxley affect outsouring? J. Corp. Account. Financ. 16(3), 13–20 (2005)
PCAOB—Public Company accounting oversight board: auditing standard n.5, Un audit of internal control over financial reporting that is integrated with an audit of financial statements. PCAOB, USA (2007)
SEC—Securities and exchange commission: release nos. 33-8810. 34-55929, FR-77, File S7-24-06, commission guidance regarding management’s report on internal control over financial reporting under part 13(a) or 15(d) of the securities exchange act of 1934. SEC, USA (2007)
COSO—Committee of sponsoring organizations of the treadway commission: guidance for smaller public companies reporting on internal controls over financial reporting. COSO, New York (2006)
IT Governance Institute: COBIT. Control objectives for information and related technology 4.1. IT Governance Institute (ITGI), USA (2007)
IT Governance Institute: COBIT for SOX. IT Control Objectives for Sarbanes-Oxley: The Role of IT in the design and implementation of internal control over financial reporting, 2nd edn. IT Governance Institute, USA (2006)
AICPA—American Institute of Certified Public Accountants: Statement on Auditing Standard 70 (SAS70). AICPA, USA (1992)
Denyer, C.: Understanding the Dynamics of SAS 70. Audits Benefits Compens. Digest. 43(8), 11–15 (2006b)
Laurent, W.: Outsourcing governance. Data Min Rev Mag. 16(10), 14 (2006)
Hoffman, T.: Sarbanes-Oxley mandates lead to IT certification push. Computrworld 37(44), 14 (2003)
McCann, D.: The truth about SAS70. CFO 26(7), 27–29 (2010)
McCollum, T.: A Fix for SAS70 Abuse. Intern. Auditor 67(5), 13–14 (2010)
Gazzaway, T.: SAS 70 new life for an old audit standard. Financ. Executive. 20(3), 43–44 (2004)
Bednarz, A.: Offsite security complicates compliance. Netw. World 22(11), 27–28 (2005)
Denyer, C.: Attention benefit managers: if you’re outsourcing HR/benefit functions, you need to know about SAS 70 audits. Employee Benefit News, 20(8), 14 (2006)
Germano, L., Baker, A.: Why an SAS70 review will benefit your organization. J. Pension Benefits Issues Adm. 11(1), 69–73 (2003)
Stanton, L.: Why your organization might need a SAS70 report. 401K Advisor 11(4), 8–9 (2004)
Nickell, C.G., Denyer, C.: An Introduction to SAS70. Audits Benefits Law J. 20(1), 58–68 (2007)
Rustagi, S., King, W., Kirsch, L. J.: Predictors of formal control usage in IT outsourcing partnerships. Inf. Syst. Res. 19(2), 126–143 (2008)
Barthélemy, J.: The hidden cost of IT outsourcing. MIT Sloan Manag. Rev. 42(3), 60–69 (2001)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Mazza, T., Azzali, S., Fornaciari, L. (2014). Auditing of Information Technology Controls in Outsourcing. In: Baglieri, D., Metallo, C., Rossignoli, C., Pezzillo Iacono, M. (eds) Information Systems, Management, Organization and Control. Lecture Notes in Information Systems and Organisation, vol 6. Springer, Cham. https://doi.org/10.1007/978-3-319-07905-9_6
Download citation
DOI: https://doi.org/10.1007/978-3-319-07905-9_6
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-07904-2
Online ISBN: 978-3-319-07905-9
eBook Packages: Business and EconomicsBusiness and Management (R0)