News

SUBSCRIBE to our weekly e-mail (with live links) for just €5 per month
+++++++++++++++

ELEC Paper: Why EU Capital Markets Union has become a “must have” and how to get there -Feb 2024

My collected papers - 1989/1993: Market Discipline in EMU

Public Information

Expand

Graham Bishop Consultancy

Friends of GrahamBishop.com

Brussels 4 Breakfast

CPD / Education and Learning

Graham Bishop - Biography

Graham's Blogs

Graham's Media Activities

Graham's Speeches

Graham's Writing

Press Resources

Photographs

My `pro bono' work

How you can support this work

Why my `pro bono' work is relevant to markets

Technical Difficulties

Privacy Policy

Terms and Conditions

Tweets by @GrahamBishopcom

Follow @GrahamBishopcom

Article List:

ECA Journal "Interna...
ACCA responds to rev...
FRC issues revised a...
FRC: Withdrawal of P...
FRC consults on clie...
FRC: Auditors must i...
Accountancy Europe: ...
>>ICAEW: How to audit ...
Audit&Risk: Self-ser...
ACCA responds to con...
Accountancy Europe: ...
ECA: EU Anti-fraud p...
FRC´s review of 2016...
ACCA´s research reve...
FRC announces 2019/2...

Home>Aladdin's Cave - Archives>Auditing

Print Page Save to My Library <Next Article Previous Article>

04 December 2018

ICAEW: How to audit the cloud

ICAEW publication seeks to provide internal audit functions with important guidance on the work they should carry out in relevant key issues that include cloud security, customer services, supplier management and legal and regulatory compliance.

It is important to note that the audit approach carried out is likely to vary, depending on the scale and complexity of the service being used. Questions that internal audit will need to consider before they begin their work include:

Is the existing audit risk assessment process flexible enough to differentiate between the range of cloud services that might be used?

Is there a clear understanding of the difference between the organisation and the cloud, and where the technology boundary starts and stops?

Has sufficient explanation been provided to key internal parties, including directors and the audit committee, to highlight the business reasoning or impact of cloud provision?

How does the audit work complement the wider supplier assessments that are considering both third and fourth party risks?

How will samples be selected and are there opportunities to employ data analytics, either via the service provider or in-house, to enable complex analysis that caters for peaks and troughs in provision?

Are the audit teams knowledgeable about the differences in cloud computing services and do they apply the right approach to deliver effective audit coverage?

Does the organisation’s strategy for the cloud link to the overall business strategy?

Key risks and challenges

Cloud security

Security is one of the main areas of this report’s focus and requires detailed knowledge. There are a broad range of security controls that need to be considered, from access control and encryption through to cyber defences and monitoring. How the cloud service provider implements recognised security standards will also be critical to consider.

Operational resilience is key to maintaining service

Effective operational resilience is necessary for maintaining service for customers in addition to meeting regulatory and legal requirements. Internal audit will need to consider the level of resilience required and how the cloud provider meets these requirements.

Full article

© ICAEW - Institute of Chartered Accountants in England and Wales

< Next Previous >

Key
Hover over the blue highlighted text to view the acronym meaning
Hover over these icons for more information

Comments:

No Comments for this Article

Add new comment

Show name and company details

Follow Us

News

Public Information

Article List:

04 December 2018

ICAEW: How to audit the cloud

© ICAEW - Institute of Chartered Accountants in England and Wales

Key

Comments: