Will risk rain on your move to the cloud? | Deloitte US | Internal Audit Transformation

Perspectives

Will risk rain on your move to the cloud?

Internal audit and the digital enterprise

Cloud computing has taken the business world by storm. And with it comes a potential deluge of risks. Here are a few issues internal audit (IA) should consider as it guides the risk conversation with IT and the business.

Confronting the challenges of cloud computing

Cloud computing presents a new frontier for many organizations—and for IA as well. When confronting the challenges of cloud computing, internal auditors may need to stretch beyond their traditional audit roles, adding greater value as they assist the organization in building the required control environment to mitigate risks associated with the cloud.

To help prevent surprises and ward off regulatory and compliance fines that may have a damaging impact on brand and reputation, IA can conduct a cloud readiness assessment of existing vendor procurement and contract processes to identify cloud control gaps. We also offer a comprehensive risk framework tool that can be developed and customized to help address specific issues that impact the organization.

Proactive steps for your consideration

Here are five proactive steps IA functions should consider as the organization adopts cloud computing initiatives:

  • Engage stakeholders in informed discussions about the risk implications of cloud computing
  • Review the current organizational risk framework based on cloud risks that have been identified
  • Develop risk-mitigation strategies to help minimize the risks that accompany cloud computing
  • Review and better understand the organization’s data governance program
  • Evaluate potential cloud vendors from a risk perspective

More topics