A cloud strategy vetted and supported by internal audit will help companies take advantage of the compelling cost benefits while managing new risks
Companies are adopting cloud computing. The economics are too compelling to ignore: standardized IT processes at reduced costs can free up IT resources to focus on differentiating the business. Yet risk is elevated because a broad cloud implementation requires changes in processes, people, and systems.
Chief audit executives should proactively engage the C-suite and business leaders to understand what data and applications may be moved to the cloud. They then should investigate specific risks and controls for near-term cloud adoption. As critical IT functions move to the cloud, new risks will arise. Internal audit (IA) should re-evaluate its annual risk assessment, audit scope, and resources to support its company’s cloud strategy.