Course: IT Auditing 5. You are the technology auditor for a midsize healthcare provider that has grown rapidly and has developed its own Electronic Medical Records (EMR) systems. With this rapid growth, it has been difficult for the Information Technology (IT) group to keep up with the hardware requirements and software changes. The CIO has performed an analysis of moving to a cloud computing solution. With this change, all IT functions would be handled by the third-party cloud provider. In addition, many organizations have lowered costs, including competing providers, allowing them to become more efficient and gain market share. One of the key benefits of cloud computing is the opportunity to replace up-front capital expenditure with low variable costs that scale as the business grows. You have been asked by the CIO to assist with the evaluation of its third party vendor management process and selection of a cloud provider for its electronic medical records. a. Describe the vendor risk management framework process that we discussed in class, and describe each of the four steps involved. b. When evaluating and selecting the third-party cloud provider, identify potential risks and audit strategies to consider.
Course: IT Auditing
5. You are the technology auditor for a midsize healthcare provider that has grown rapidly and has developed its own Electronic Medical Records (EMR) systems. With this rapid growth, it has been difficult for the Information Technology (IT) group to keep up with the hardware requirements and software changes. The CIO has performed an analysis of moving to a cloud computing solution. With this change, all IT functions would be handled by the third-party cloud provider. In addition, many organizations have lowered costs, including competing providers, allowing them to become more efficient and gain market share. One of the key benefits of cloud computing is the opportunity to replace up-front capital expenditure with low variable costs that scale as the business grows. You have been asked by the CIO to assist with the evaluation of its third party vendor management process and selection of a cloud provider for its electronic medical records.
a. Describe the vendor risk management framework process that we discussed in class, and describe each of the four steps involved.
b. When evaluating and selecting the third-party cloud provider, identify potential risks and audit strategies to consider.
Trending now
This is a popular solution!
Step by step
Solved in 4 steps