6.2. EXAMINING VENDOR ORGANIZATION CONTRACTS

In any significant business transaction, a written contract is usually drafted and signed by authorized representatives of each party. The contract should clearly specify the responsibilities of each party. Even if all parties involved have every intention of completing their end of the bargain as agreed upon in various discussions with each other, a contract helps ensure that there are no misunderstandings as to what actions each party is expected to perform, at what time they are expected to be performed, what services or payments will be received when the actions have been satisfactorily performed, and when the services or payments will be received. As an added incentive, most contracts also include a section specifying the consequences or penalties in the event that one or more of the parties fails to perform as required by the terms of the contract.

The success of the products and services of most organizations is highly dependent on the timely, accurate, and secure functioning of computer systems and related applications, whether they are maintained internally or provided by a vendor. Thus, when a vendor supplies a computer system and/or application to a client organization, a significant business transaction has taken place, and it should be documented by a written contract. The following paragraphs attempt to identify the critical items that all auditors should be cognizant of and that should be specified in contracts between ...

Get Auditing Information Systems, Second Edition now with the O’Reilly learning platform.