Cloud computing and the internal audit function

Companies are adopting cloud computing. The economics are too compelling to ignore: standardized IT processes at reduced costs can free up IT resources to focus on differentiating the business. Yet risk is elevated because a broad cloud implementation requires changes in processes, people, and systems.

CAEs have a significant role to play

Chief audit executives should proactively engage the C-suite and business leaders to understand what data and applications may be moved to the cloud. They then should investigate specific risks and controls for near-term cloud adoption. As critical IT functions move to the cloud, new risks will arise. Internal audit (IA) should re-evaluate its annual risk assessment, audit scope, and resources to support its company’s cloud strategy.