Governance of Enterprise IT (CGEIT) Certification Practice Exam

How is IT risk associated with the outsourcing of IT services BEST managed?

• A. Development of policies and procedures
• B. Performance of due diligence audits
• C. Creation of multiple sourcing strategies
• D. Inclusion of controls and service level agreements (SLA) into contracts

The correct answer is: Inclusion of controls and service level agreements (SLA) into contracts

The management of IT risk associated with the outsourcing of IT services is most effectively addressed through the inclusion of controls and service level agreements (SLA) into contracts. This approach ensures that there are clear expectations and requirements that the outsourced service provider must adhere to, which helps mitigate the risks related to service delivery, performance, security, and compliance. By specifying controls in the contract, organizations can establish protocols for monitoring, incident management, and compliance with relevant regulations. Additionally, SLAs define measurable aspects of the service, such as uptime, responsiveness, and quality metrics, providing a basis for accountability. In the event of a service provider failing to meet these standards, the organization can leverage the SLA to pursue remedies or to reassess the relationship with the provider. Establishing these controls and agreements not only protects the organization’s interests but also fosters a more collaborative relationship with the service provider, as both parties have a clear understanding of expectations and obligations. This proactive approach to risk management regarding outsourcing significantly reduces potential vulnerabilities associated with third-party engagements.