ICAEW: How to audit the cloud

04 December 2018

ICAEW publication seeks to provide internal audit functions with important guidance on the work they should carry out in relevant key issues that include cloud security, customer services, supplier management and legal and regulatory compliance.

It is important to note that the audit approach carried out is likely to vary, depending on the scale and complexity of the service being used. Questions that internal audit will need to consider before they begin their work include:

Key risks and challenges

Cloud security

Security is one of the main areas of this report’s focus and requires detailed knowledge. There are a broad range of security controls that need to be considered, from access control and encryption through to cyber defences and monitoring. How the cloud service provider implements recognised security standards will also be critical to consider.

Operational resilience is key to maintaining service

Effective operational resilience is necessary for maintaining service for customers in addition to meeting regulatory and legal requirements. Internal audit will need to consider the level of resilience required and how the cloud provider meets these requirements.

Full article


© ICAEW - Institute of Chartered Accountants in England and Wales