If your company is large enough to have internal auditors, you may want to grab a copy of a new report from The Institute of Internal Auditors to see what role they can play in your assessment of outsourcing options.

According to the report, auditors "can help organizations with a comprehensive review of outsourcing operations, identify risks, provide recommendations to better manage the risks, and also [evaluate] the outsourcing activity's compliance with applicable laws and regulations."

The report notes what is well known at this point: many companies get so giddy about perceived savings that they enter outsourcing contracts without planning properly and without proper controls in place. The best outsourcing deals are approached as partnerships, and establishing clear metrics to audit helps maintain trust in these relationships.

The meat of the 30-page report, which was sponsored by PricewaterhouseCoopers, is in the two sections about control considerations for client and service provider operations.

In the former, the IIA says governance is the area organizations most frequently underestimate the "time and investment and the structural architecture necessary to manage accountability." It recommends a framework that addresses: alignment, feasibility, transaction, transition, optimization and transformation, and termination and renegotiation.

This structure simplifies the job of aligning the contract with business goals and monitoring the resulting relationship. But many of the recommendations are similar to the vetting companies do when entering any vendor partnership. Where it gets more interesting is in the considerations the IIA says companies should take into account when examining service provider operations.

Key to this is evaluating the outsourcing company's IT control environment. "The control environment sets the organization's tone, impacts user behavior, and is the foundation for other internal control components," the IIA says.

You want to find "strong documented policies, procedures, and guidelines, as well as a clear definition of the roles and responsibilities of information systems personnel."

Regarding the latter, it is critical for the provider to supply detailed background checks on personnel and signed confidentiality agreements. The outfit also needs to be able to control everything from employee access to printers, photocopiers, the Internet and specific data elements, the IIA says. It should also have tools to scan e-mail, log employee work and manage passwords.

Whitepapers

• PRICING STUDY: GROUNDWORK OPEN SOURCE VS. HP SOFTWARE
• Accelerating a Diverse Mix of Traffic Across the WAN
• Boost Productivity While Cutting Costs with Next-generation Collaboration
• Deploying Virtualized NetWare on Linux Whitepaper
• Driving Business Success Through Workgroup Choice and Flexibility
• Toward More Flexible, Next-Generation Collaboration Solutions

View more NETWORK MANAGEMENT whitepapers

Webcasts

• Creating a high performance workplace with wireless networking
• Harnessing the power of communications to increase workplace performance
• Making data centers the IT strategic focus
• Protecting assets and employees with IP Video Surveillance
• Stay out of the headlines: Detecting and preventing network intrusions
• Key Considerations for a Successful 802.11n Deployment

View more NETWORK MANAGEMENT webcasts

Special Reports

• Bringing IT Operations Management to Open Source and Beyond
• Ethernet Services: WAN options mature
• Executive Guide: Virtualization Reality Check
• WAN Optimization: The Ultimate No Brainer
• Keeping Spam at Bay
• Application Performance Management Executive Guide

View more NETWORK MANAGEMENT special reports