Cloud computing refers to a model that enables and gives data access to users to arranged computing resources such as networks, services, and applications, as well as storage. It binds together applications, internet connectivity, and manageable services and ensures that the resources are rapidly provided with reduced management efforts as well as interaction with the service provider (Mushtaq et al., 2017). Cloud computing audit refers to where a third party, usually an independent group is involved in obtaining evidence which may be through physical inspection, inspection, inquiry and systematic procedures. With day to day advancement of technology, many businesses and organizations are adopting cloud computing due to its continuous gain in popularity.
Cloud computing has a lot of merits to a business in that business time and money is saved since productivity is boosted, innovation is promoted and collaboration with other personnel is improved, With any compatible device anywhere, a business can access information from cloud computing since it stores data on the internet rather than storing the information on one’s computer. Users of cloud computing are always kept updated as data is synchronized for all connected devices (Singh et al., 2015). The services of cloud computing range from data storage to programs that are functional such as accounting and customer services tools. For a business, the owner can use public cloud, hybrid and private cloud services to provide services and store data.
Objectives included in the audit should be well known and business objectives should be aligned with these objectives. This is to ensure that resources, as well as time, will be spent well in achieving a firm internal control environment. These objectives include defining a strategic IT plan, and the use of the IT resources requires to be in line with the business strategies specified. The information architecture is another objective. It should be well defined and it includes security needed tin safeguarding security of information, network, and systems. A business should create policies as well as procedures that are well standardized and documented for a stable environment (Chou, 2015). These policies include roles and responsibilities, management of risk as well as organizational structure. Ensuring that objectives, policies, and mission of the business is communicated is another critical objective. Management should make sure that the organization gets the information. Also, management should record those risks that are likely to affect the business objectives as well as identify the risks that can affect the accuracy, safety, and reliability of the business’ sensitive information
In the scope of cloud computing, consideration of the specified procedures that are condition to the audit is important. Some aspects that are considered essential in cloud computing include monitoring of activities of the business and inspection of passwords and individuals who enter the network (Chou, 2015). Management of change is also important as it ensures that evidence to confirm changes are documented as well as defined is well inspected (Singh et al., 2015). Usually, an auditor can freely enquire and review evidence-based on available controls to gain more information on controls design and their operation. Unfortunately, cloud vendors’ don’t include their controls in cloud computing audit but to an only specific organization that utilize the cloud for business operations
References
Chou, D. C. (2015). Cloud computing risk and audit issues. Computer Standards & Interfaces, 42, 137-142.
Mushtaq, M. O., Shahzad, F., Tariq, M. O., Riaz, M., & Majeed, B. (2017). An efficient framework for information security in cloud computing using auditing algorithm shell (AAS). arXiv preprint arXiv:1702.07140...
Singh, J., Powles, J., Pasquier, T., & Bacon, J. (2015). Data flow management and compliance in cloud computing. IEEE Cloud Computing, 2(4), 24-32.
THESCOPEOFCLOUDCOMPUTINGAUDITFORBUSINESS.docx
0
