Mr David recently joined JKL Limited (JKL) as the Chief Information Officer (CIO). He wants to initiate a data analysis program in the company. Mr David observed that JKL has a substantial volume of historic structures and unstructured data that the company has never adequately exploited. For this purpose, the CIO spent significant time investigating the service providers in this market. Based on this intensive exercise, the CIO has decided to contract with a cloud service provider to do the analysis and submit the resulting information since JKL lacks the computing infrastructure to conduct meaningful analysis in-house. Mr Paul, the head of the Internal Audit Department at JKL Limited, is hesitant to outsource corporate data and is concerned about internal controls and security measures. However, the service provider argues that the data involved does not pertain to the firm's financial statements and is not an internal control matter.

You just joined the department of internal audit, and Mr Paul asked you to write a report from the internal audit department to the CIO addressing the following:

Considering the circumstances mentioned above, describe the nature of the risks associated with outsourcing. [4 Marks]

Word Limit: 300 words

b)

Please explain how the Department of Internal Audit can resolve concerns about the service provider's internal controls. [3 Marks]

Word Limit: 150 words