Risk and Compliance Management Framework for Outsourced Global Software Development

Global Software Engineering (2010)

Abstract
After the U.S. Congress enacted the Sarbanes-Oxley Act, the need to guarantee transparency to companies’ stakeholders increased substantially. To become SOX compliant, companies are required to base their Corporate Governance on a suitable internal control framework; companies shall provide transparency, accountability and control to the different stakeholders. Financial applications and ERP-systems are critical in this process; if they fail, corporate governance will fail as well. This paper provides a Risk and Compliance Management framework for outsourced GSD of financial applications and ERP-systems. The challenge is to integrate COSO-ERM, ISO 20000 and ISO 27001. We have addressed this challenge by extending the SABSA model to incorporate the integration of these standards. As a result, the framework clarifies the responsibilities of customers and outsourcing companies, thereby providing efficient risk and compliance management.
Keywords
compliance management framework, compliance management, sox compliant, sabsa model, corporate governance, financial application, outsourced global software development, sarbanes-oxley act, suitable internal control framework, u.s. congress, different stakeholders, software engineering, sabsa, internal control, information science, computer architecture, risk management, security, risk management framework