A large corporation which is heavily reliant on IT platforms and systems is in financial difficulty and
needs to drastically reduce costs in the short term to survive. The Chief Financial Officer (CFO)
has mandated that all IT and architectural functions will be outsourced and a mixture of providers
will be selected. One provider will manage the desktops for five years, another provider will
manage the network for ten years, another provider will be responsible for security for four years,
and an offshore provider will perform day to day business processing functions for two years. At
the end of each contract the incumbent may be renewed or a new provider may be selected.
Which of the following are the MOST likely risk implications of the CFO’s business decision?
A.
Strategic architecture will be adversely impacted through the segregation of duties between the
providers. Vendor management costs will remain unchanged. The risk position of the organization
will decline as specialists now maintain the environment. The implementation of security controls
and security updates will improve. Internal knowledge of IT systems will improve as providers
maintain system documentation.
B.
Strategic architecture will improve as more time can be dedicated to strategy. System stability
will improve as providers use specialists and tested processes to maintain systems. Vendor
management costs will increase and the organization’s flexibility to react to new market conditions
will be reduced slightly. Internal knowledge of IT systems will improve as providers maintain
system documentation. The risk position of the organization will remain unchanged.
C.
Strategic architecture will not be impacted in the short term, but will be adversely impacted in
the long term through the segregation of duties between the providers. Vendor management costs
will stay the same and the organization’s flexibility to react to new market conditions will be
improved through best of breed technology implementations. Internal knowledge of IT systems will
decline over time. The implementation of security controls and security updates will not change.
D.
Strategic architecture will be adversely impacted through the segregation of duties between the
providers. Vendor management costs will increase and the organization’s flexibility to react to new
market conditions will be reduced. Internal knowledge of IT systems will decline anddecrease
future platform development. The implementation of security controls and security updates will
take longer as responsibility crosses multiple boundaries.