Udfordringer og overvejelser i forbindelse med IT-outsourcing

Morten Weber Olesen

Student thesis: Master thesis


The purpose of this thesis is to give advice on how companies and auditors should handle the outsourcing process, including the challenges and concerns the company faces when deciding on the use of IT outsourcing in the long run. Furthermore the thesis addresses the problems the auditor faces during his audits of businesses using IT outsourcing and aims to give advice on this subject. The advice/recommendations outlined in this thesis will be based upon the following research questions; How should the company handle the outsourcing of IT? What is required of the auditor in the audit of IT? What things does an auditor need to consider when auditing the outsourcing of IT? What are the advantages and disadvantages, including risks associated with the outsourcing of IT? These questions will be answered by analyzing the theory in connection with a case created for this thesis. The case is based on a fictitious company and its problems have been made to provide a basis for discussion for the present analysis. The analysis is divided into two chapters, each with two sub-elements. The first chapter takes the perspective of the company during its consideration prior to the outsourcing option and later when the outsourcing has been implemented. The second chapter analyzes the two scenarios from the auditor’s point of view. The majority of the challenges and considerations the company is facing are of firm-specific nature, which is why it is impossible to arrive at a general set of recommendations when it comes to IT outsourcing. The recommendations in this thesis are nevertheless relevant to most businesses. If the company follows the recommendations presented, the company will significantly improve the likelihood of a successful outsourcing. One of the key success factors in this context is company preparation prior to the implementation of outsourcing. In general, the auditor should be involved in the outsourcing process as early as possible, since he usually has good professional insight and competence. Furthermore, the auditor is able to advise on the company’s IT security and make the necessary additions to the outsourcing contract. When the auditor is auditing the outsourcing, he should base it on the requirements outlined in the Danish auditing standard 402. In this context the auditor should assess the possibility of using statements that are appropriate for the outsourcing scenario. In using statements, auditors should pay particular attention to the associated risks, including insufficient statements, the suppliers’ auditors’ level of competence and compliance with the laws. If the auditor and the company use the recommendations in the thesis, they will be more likely to achieve a successful implementation and auditing of IT-outsourcing.

EducationsMSc in Auditing, (Graduate Programme) Final Thesis
Publication date2009
Number of pages80