This audit deals with the acquisition, management and disposal of IT goods and services. Principle 5.4 of King III™ states that “The board should monitor and evaluate significant IT investments and expenditure.” IT investment and expenditure includes the acquisition, management and disposal of IT goods or services.
Types of IT goods or services, include:
- IT infrastructure,
- the rental of goods,
- the purchase of goods,
- application service provider (ASP) services,
- Software as a Service (SaaS),
- Platform as a Service (PaaS),
- on-demand computing and hardware,
- support and maintenance services,
- consulting services and professional services,
- hosting services,
- design and development services,
- temporary employment services.
What is included in our IT Goods and Services Audit
Our IT Goods and Services audit assesses you current governance practices relating to IT goods and services. This includes reviewing key contracts to establish whether:
- the rights and obligations of all parties have been clearly defined and agreed in writing;
- the agreement has been drafted in plain language and should not include legal or technical jargon;
- they contain the alternative dispute resolution clause recommended by King III™.
It also includes establishing whether good vendor management procedures are followed. They include:
- The escalation of issues
- The notification of breaches of the agreement
- The transfer of services on termination of the relationship
The audit also seeks to ascertain whether information security and sustainability have been addressed as part of the disposal of IT goods. For example,
- the company should scrub hard drives before disposing of them.
- the company should consider the impact on the environment before disposing of print cartridges.