Cloud computing and the internal audit function

June 2011
  • Print-friendly version
Cloud computing and the internal audit function

At a glance

A cloud strategy vetted and supported by internal audit will help companies take advantage of the compelling cost benefits while managing new risks

Companies are adopting cloud computing. The economics are too compelling to ignore: standardized IT processes at reduced costs can free up IT resources to focus on differentiating the business. Yet risk is elevated because a broad cloud implementation requires changes in processes, people, and systems.

CAEs have a significant role to play

Chief audit executives should proactively engage the C-suite and business leaders to understand what data and applications may be moved to the cloud. They then should investigate specific risks and controls for near-term cloud adoption. As critical IT functions move to the cloud, new risks will arise. Internal audit (IA) should re-evaluate its annual risk assessment, audit scope, and resources to support its company’s cloud strategy.