CHAPTER 6
OUTSOURCED PROCESSES: RISK AND RESOLUTION
6.1 A MATTER OF RISK
6.2 A MATTER OF RESPONSIBILITY
6.3 OUTSOURCED RISK MANAGEMENT
6.4 SAS 70 CRITICISMS
6.5 SAS 70 ALTERNATIVES
6.6 SUMMARY
NOTES
6.1 A MATTER OF RISK
The objectives of a business are not to perform internal human resource operations. Nor is the objective to perform fixed asset analysis, receivables collections, or information technology (IT) support operations. The objectives of a business are to perform its core competency, whether that is manufacturing, media production, software development, distribution, or any other activity.
This is not to say those functions are not critical, important, or valuable; they are. But all these ancillary and extraneous activities are simply a necessary evil of being in business. The key word here is necessary, since without these functions, a business could not exist. Because of this, and realizing that expending energies in noncore areas detracts from focusing on the true objectives of their business, many organizations look to third-party service providers to fill those roles.
The benefits of third-party service providers are several-fold. Since the service being provided is the core competency of the third-party service provider, it typically invests in maintaining a proficiency in its respective service area, whether that is through resource training, technology, or any other area. An additional benefit is that many times these service providers can provide ...
Get Governance, Risk, and Compliance Handbook: Technology, Finance, Environmental, and International Guidance and Best Practices now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
