In this chapter, you learned about various aspects of IT resource management, the different criteria and risks associated with outsourcing, IT monitoring, and reporting structures, and aspects of QA and quality management. You learned about the following important topics in this chapter: • The main goal of IT projects is to add value to business processes. The IS auditor’s primary consideration is to determine and ensure that IT initiatives are aligned with business objectives while designing and approving the project. • An escrow agreement is entered into between a service provider and a client to ensure the permanent availability of the client's source code. The source code is held by a third party. In the event of the vendor going out of business, the client can claim the source code back from the third party. • In no circumstances can accountability be transferred to external parties. Regardless of the function outsourced, it is the ultimate responsibility of the organization to be accountable to the relevant stakeholders. • The most important requirement for the implementation of an IT BSC is defining KPIs. KPIs are necessary for measuring and monitoring effectiveness. In the next chapter, you will explore project governance and management aspects, the importance of the business case and feasibility analysis, and various system development methodologies.