It is worth considering whether the spread of outsourcing services by the so-called service organizations and the increase in the number of companies that provide such solutions is also followed by adequate attention to ensure that internal controls within an outsourcing company are appropriately designed and, more importantly, properly implemented so that a user organization is comfortable that the risk is limited to an acceptable level.