Page 31 - Quick Insights Book 2022
P. 31
Chap. 6 – Information Technology
Deliverable
CLOUD Chartered Accountants can make a nuanced assessment of
COMPUTING
Business Impact Analysis for moving services to cloud platform
Cloud Provider Service Review
Introduction
Basics
Cloud Computing has become a critical part of IT landscape
for increasing capabilities and reducing cost, leading to Assesses the ability of the cloud provider to meet or exceed
organisations moving more business processes to the cloud by the agreed-upon Service Level Agreement Audit (SLA) in the
various organisations. The advantage of the cloud is evidenced contract. Areas of consideration should include technology,
by the ever increasing flow of data entering the cloud each legal, governance, compliance, security and privacy. In addition,
day. However, as in the case of Internet of Things (IoT), a internal audit should assess what contingency plans exist in
growing reliance on cloud computing and data is stimulating case of failure, liability agreements, extended support, and
fears over security, privacy, movement and ownership of user the inclusion of other terms and conditions as part of the
data. Cloud accounting software have been a growing trend service contracts, as well as availability, incident, and capacity
in business and practice for many years, helping firms and management and scalability.
their clients to access and share information. This positions
accountants to make the most of the cloud based resources Deliverable
such as servers, storage, processing and other services, which A management audit of SLA, to assess whether same is in
are becoming increasingly common place. Increased usage of line with entity’s GRC framework. An operational audit of SLA
cloud accounting will facilitate use of real-time data and more to check, uptime, issue management and overall service,
in depth analytics. performance assessment.
Professional Opportunity in Cloud Computing Cloud
Strategy and Governance Audit
IT RISK MANAGEMENT
Basics
Evaluates the organization’s strategy for utilizing cloud
technologies. Determines whether the appropriate policies and IT Risk Management Strategy Assessment
controls have been developed to support the deployment of the Basics
strategy. Evaluates alignment of the strategy to overall company
objectives and the level of preparedness to adopt within the Assesses the framework and process IT has embedded within
organization. the function to assess and manage risks. Evaluates the actions
taken to mitigate risks and the level of accountability within the
Deliverable process.
Audit of management strategy for cloud computing, including Deliverable
policy formulation for cloud computing and audit of integration
of management policy with legal, regulatory framework and Risk Management Strategy covering the risk identification
implementation of policy. process, including risk mitigation strategy adopted.
Cloud Security and Privacy Review DATA
ANALYTICS
Basics
Assesses the information security practices and procedures of
the cloud provider. This may be a review of their SSAE 16/SA Basics
402/ISAE 3402 report(s), a review of their security SLAs and/or “Data Analytics” is the process of examining raw data with the
an onsite vendor audit. purpose of drawing conclusions supporting decision making.
Data analytics, when used to obtain audit evidence in a
Determines whether IT management worked to negotiate financial statement audit, is the science and art of discovering
security requirements into their contract with the provider. and analysing patterns, deviations and inconsistencies, and
Review procedures for periodic security assessments of extracting other useful information in the data underlying or
the cloud provider(s), and determine what internal security related to the subject matter of an audit through analysis,
measures have been taken to protect company information modelling and visualisation for the purpose of planning or
and data. performing audit.
18 Quick Insights on Professional Opportunities for Chartered Accountants
