This sample tool contains two work programs that provide general steps organizations should take when conducting an IT vendor management audit.

These sample audit work programs review the vendor management processes of the IT department of a company. The objectives of this type of audit are to evaluate whether the IT department has established risk-based policies for governing the outsourcing process, review and assess controls of the vendor selection process and service-provider contract process, assess the due diligence process of the provider, and check the service contracts and service-provider relationships.