Cloud Computing Audit: IT Plan, Risk Assessment, Vendor Review

Verified

Added on 2023/03/17

AI Summary

This report provides a comprehensive overview of cloud computing audits, emphasizing the importance of a well-defined IT plan aligned with business objectives. It highlights the need for robust risk assessments, including the identification of vulnerabilities and the development of incident management plans. The report stresses the significance of vendor reviews to ensure the security and reliability of cloud services, especially regarding payroll and inventory management. It also underscores the importance of comprehensive documentation, clear communication of policies, and adherence to relevant regulations. The audit process should cover the IT infrastructure, security, and the roles and responsibilities of all stakeholders involved. The report also references the work of Low, Chen and Wu (2011) and Wasike and Njoroge (2015) to support the findings. The report aims to assist students in understanding the key elements of conducting a cloud computing audit. The report includes details about IT plans, risk assessment, vendor review, documentation and security.

Auditing in Cloud Computing Environment
There must be a strategic information technology plan. Information technology resources
must get into line with the organisation business plans. When carrying out the audit please
ensure that the investment on information technology are always reinforced by the robust
business plan and what type of training is required if the plan is ready for rollout.
Auditor has to ensure whether the information architecture is having the combination of
networking, different type of systems and also the security of the IT infrastructure that will be
needed to protect the safety and integrity of the business information.
Always ensure that all the processes are well documented and have a specific standard.
Auditor should ensure that management should focus on creating policies and procedures that
includes all types of roles and responsibilities, including ownership of IT systems,
management of risk, segregation of duties, disaster recovery plan and incident management
plan.
Always ensure that management has communicated all the policies and procedures,
company’s mission, and company’s objectives are well communicated across the whole
organisation.
Proper documentation of all type of risk must be there which could affect the company’s
objective. It may include security laws and regulations and vulnerabilities or any other type
of delicate data. (Low, Chen and Wu, 2011)
Auditor should also review the controls at the vendor site from whom the cloud services are
taken, because the company is relying on other platform for different type of functions
whether it be payroll module, inventory module or asset register maintenance. (Wasike and
Njoroge, 2015)
Bibliography
Wasike, J. and Njoroge, L. (2015). Opening libraries to cloud computing: a Kenyan
perspective. Library Hi Tech News, 32(3), pp.21-24.
Low, C., Chen, Y. and Wu, M. (2011). Understanding the determinants of cloud computing
adoption. Industrial Management & Data Systems, 111(7), pp.1006-1023.