IT audit on the information system development projects have been strongly survived in the public sector of Korea for more than 20 years. Furthermore, under the legislation of external IT audit - "Law for an efficient acquisition and operation of information systems," external IT audit is required in every public information system development project. This reinforced duty of external audit makes the client of IT audit to expect higher quality than prior to the legislation. Until now, there has been no study to show the rationale supporting the social beliefs that clients (CIOs in the public sector of Korea) can manage venders (developers of the outsourced projects) more effectively with the IT audit services. In this study, IT audit is investigated using the concept of the agency theory which considers the audit as the risk mitigate mechanism in the economic research.