Top considerations in Internal audit in the Cloud Computing environment
Cloud computing is the provision of hardware and software services by a third-party company, accessed over the internet. A 2014 survey by the UK-based Cloud Industry Forum (CIF) showed that 78% of organizations had adopted one or more cloud services, representing growth of 61.5% since 2010, when its annual study began. The study also found that large enterprises showed the highest rate of cloud adoption (80%), while small and medium businesses stood at 75% and the public sector at roughly 68%.
Cloud computing technology is deployed in four general types, based on the level of internal or external ownership and technical architectures:
Public Cloud: services from vendors that can be accessed across the Internet or a private network
Private Cloud: Built, managed and used internally by an enterprise
Hybrid Cloud: Mix of vendor Cloud services, internal Cloud computing architectures, and classic IT infrastructure
Community Cloud: Infrastructure is shared by several organizations and supports a specific community that has shared concerns
Cloud computing services are grouped into specific categories: Infrastructure, Platform and Software services.
Internal audit will need to consider the following in cloud computing:
Data Security: Ask the Cloud Service Provider (CSP) whether it receives a Service Organization Controls (SOC) 2 report, which is a third-party attestation report regarding the CSP’s controls relating to security, availability, processing integrity, confidentiality or privacy. Verify that the scope of the SOC 2 report adequately covers the cloud services provided to your company and the data security controls, and that the auditor’s opinion is unqualified.
Regulatory Compliance: Determine where the company’s data will be stored and the form of the data (e.g., production, backup, cache).
Availability: Verify that your company’s contract with the CSP includes provisions relating to system availability.
Business Continuity and Disaster Recovery Planning: Verify that your company’s business continuity and disaster recovery plans are updated to incorporate the risks relating to the outsourcing of IT services to the CSP, and that there are adequate plans in place to mitigate these risks.
Return on Investment: Understand and review your company’s business case for moving to the cloud. Verify that your company has clearly documented the cost and benefits and that it is tracking these to verify that they are realized.
Audit International are specialists in the recruitment of Internal Auditors and Corporate Governance Professionals across Europe and the US.
If you would like to reach out to discuss your current requirements, please feel free to reach us on 0041 4350 830 95.