With an increased number of organizations migrating their IT infrastructure from in-house systems to cloud-based systems, auditors need to verify that their methodology has been updated to include controls for the new environment.
Developing and assessing controls for this new environment is tough, because not much has been standardized to assist auditors. While some groups have updated their vendor management procedures to include controls specific to cloud-based systems, many simply rely on outdated procedures that do not address the new complexities introduced by the cloud. By approaching cloud service providers with the same level of scrutiny applied to in-house systems, auditors can develop a robust cloud strategy.
For an in-depth discussion about the complexities of and requirements and recommendations for performing audits of cloud service providers, check out our article, “Auditing the Cloud” – published in the August edition of Internal Auditor magazine.