WORLD ACADEMY OF INFORMATICS AND MANAGEMENT SCIENCES
ISSN : 2278-1315
mattered: there was more cake for all. Now it looks like the
few are eating the cake of the many.
Are the audit teams knowledgeable about the differences in
This greed contributes to grievance politics and populism,
cloud computing services and do they apply the right
which can have very dangerous consequences. Trust The
approach to deliver effective audit coverage?
IPSOS MORI veracity index shows that business leaders are
Does the organization’s strategy for the cloud link to the
trusted as much as estate agents, but considerably less than
overall business strategy?
hair- dressers. A workplace in which there is low trust is
rarely a happy or effective workplace.
KEY RISKS AND CHALLENGES Cloud security:
Capitalism remains the most effective wealth creation
Security is one of the main areas of this report’s focus and
machine ever devised. It also remains prone to wild
requires detailed knowledge. There are a broad range of
excesses. To be sustainable, it has to find ways of mitigating
security controls that need to be considered, from access
its own excesses. Capitalism must be saved from itself. That
control and encryption through to cyber defences and
is a real leadership challenge. As a leader you cannot change
monitoring. How the cloud service provider implements
capitalism by yourself. But you can lead in such away as to
recognized security standards will also be critical to consider.
be a role model for others.
Run your business to avoid imposing externalities on
Operational resilience is key to maintaining service:
society; avoid excessive greed; and build real trust within
Effective operational resilience is necessary for maintaining
and beyond your organization. If you can do all this, you
service for customers in addition to meeting regulatory and
may achieve the unique feat of being both effective and
legal requirements. Internal audit will need to consider the
virtuous. You will be a good leader for the 21st century.
level of resilience required and how the cloud provider meets
About the Author:
these requirements.
Jo Owen is an author, a keynote speaker and the founder of
Supplier management and its role in maintaining service:
eight NGOs. His latest book is The Tribal Code (Auvian
Internal auditors will need to understand how the operating
Press)
model works and may use service metrics, defined KPIs (Key
Performance Indicators) and meetings with the service
HOW TO AUDIT THE CLOUD
provider (or supplier management team) to gain a greater
By:ICAEW (Institute of Chartered Accountants of England
understanding of the cloud.
and Wales)
Governance policies and processes: are they fit for
Cloud computing is transforming business IT services,
purpose?
increasing its operational efficiencies and reducing its costs.
There needs to be a clear transition where the business as
But the use of cloud computing services also poses
usual approach effectively embeds into the organization. An
significant risks that need to be planned for by audit
organization-wide cloud policy needs to be established. Cloud
committees, boards and management if they are to be
services can be procured easily and there is a risk that without
handled effectively.
the right governance organizations could lose central control
of the IT being used.
It is important to note that the audit approach carried out is
likely to vary, depending on the scale and complexity of the
Regulatory and legal: the importance of compliance:
service being used. Questions that internal audit will need to
consider before they begin their work include:
Cloud provision will need to comply with both regulatory and
legal requirements. This complex area is evolving. Financial
Is the existing audit risk assessment process flexible enough
regulators will be increasingly focused on the potential risk of
to differentiate between the range of cloud services that
concentration where a number of large organizations are using
might be used?
a small number of providers, such as Amazon, Google, IBM
and Microsoft. A service failure at a large cloud service
Is there a clear understanding of the difference between the
provider could result in mass disruption.
organization and the cloud, and where the technology
boundary starts and stops?
As the use of cloud technology matures, organizations will be
adopting new operational models with increased automation
Has sufficient explanation been provided to key internal
that moves away from traditional IT management and service
parties, including directors and the audit committee, to
design. Internal audit will need to consider how it moves
highlight the business reasoning or impact of cloud
towards providing real time assurance.
provision?
6 AI RISKS EVERYONE SHOULD KNOW ABOUT
How does the audit work complement the wider supplier
assessments that are considering both third and fourth party
SHOULD WE BE SCARED OF ARTIFICIAL
risks?
INTELLIGENCE (AI)?
Some notable individuals such as legendary physicist Stephen
How will samples be selected and are there opportunities to
Hawking and Tesla and SpaceX leader and innovator Elon
employ data analytics, either via the service provider or in-
Musk suggest AI could potentially be very dangerous; Musk
house, to enable complex analysis that caters for peaks and
at one point was comparing AI to the dangers of the dictator
troughs in provision?
of North Korea. Microsoft co-founder Bill Gates also believes
www.waims.co.in
ENDEAVOR 2019 | WAIMS ACADMIC PRESS
78 | P a g e