Please read the below discussion posts and provide response in 75 to 100 words
Cloud computing offers a variety of service to its users and so is the audit of it multifunctional and multi-directional. The purpose of the audit can be many and based on that the audit report can reveal different information about the cloud computing audit. The scope of cloud computing audit in my the business will include the IT and its controls of the business as well as the administration, risk assessment, communication, monitoring several activities, system operation, logical as well as physical access and finally change management. “The importance of IT auditing and especially cloud computing auditing is an essential effort to ensure the proper functioning processes of an the organization’s IT systems, management, operations, and related processes, to avoid fraudulent, in order to have comprehensive and accurate financial view of their business” (Moghadasi, 2018).
The IT structure of the cloud computing of the business is the basic that needs to be understood to ensure that everything is in proper condition and place so as to enhance the overall business and the output and this is effectively understood by an audit of cloud computing structure. Another important area being targeted by the audit is risk assessment. With the advances in the cyber field, the types of risks to have advanced. Thus the business needs to have thorough knowledge about its cloud computing and related risk so as to take security measures against them. Cloud computing audit for risk assessment reveals information about qualitative and quantitative aspects of the risks and thus becomes crucial in securing the business from any future attack or breaches. “The outsourced data, however, in the cloud are not always trustworthy because of the inadequacy of physical control over the data for data owners” (Sookhak, 2017).
The activities being performed on the cloud can be monitored by the audit of it. It helps the business owner understand what employees are doing on the cloud and how fruitful an employee is towards the overall development and growth of the business. Any activity being performed which is not related to the work profile of the employee can thus be revealed in the audit so the business can take appropriate measures against such employees or clients. “Despite regulatory interest in the audit impact of new technologies, little empirical work has studied how auditors behave when clients introduce cloud platforms into their accounting information system” (Banker, 2020).
The organization systems operation is also an important scope of cloud computing audit. It investigates the working of several systems and informs what systems need to be upgraded or changed for better results. The communication happening on the cloud is a part of audit wherein the business owner gets to know who is communicating over the cloud and who is viewing the information stored overcloud. Any unauthorized access being taken by a third party to the cloud services will be revealed in the audit report thus helps in blocking such access and improving the accessibility features for the enhanced security of the business cloud computing (Moghadasi, 2018).
Cloud computing auditing ensures the proper functioning of the IT system, the operations, the management, and the related processes. It helps to avoid fraudulently that provides a comprehensive and accurate financial view of the business. Nurhajati states that cloud computing audits are relevant towards protecting the data, identification and access management, risk technology, setting up rules and ensure better operations (Nurhajati, 2016). It is through cloud computing audits that points out the risk that is related to cloud computing that ensures business continuity.
The objectives that are required to be covered by cloud audit is to provide the stakeholders with having an internal security policy and towards having a successful control process of the cloud computing service. It also helps to evaluate the productiveness. The purpose of cloud audit is also to provide an interface between the service provider and the clients of the company. It helps to identify the definiteness and the inadequacies that can be found in internal control. It also provides the assessment criteria and generates the capabilities of reporting (Marks, 2015). Thus the stakeholders become much more confident in regards to the quality of the audit that also ensure better internal control. The auditors are also required to consider the control access, the control framework, and the features of authorization, notification in regards to a data breach, latency in communication and also take into consideration international law. The cloud auditor is also required to consider the cloud support and the IT support functions and towards anticipating re-enforcing the business function.
The cloud auditors are required to understand the risk association, the ways to deal and towards developing the abilities towards auditing the plan and the strategy. As the architecture for cloud computing consists of different models different components and services, it is required for the cloud auditor towards considering if the application is compatible with that of the cloud environment (Moghadasi, Mousavi, & Fazekas, 2018). This is because most of the application depends on the internal network of the organization and not the internet. Further, the web applications are required to be accessed that would assure authentication, monitoring, and access control. The cloud auditors are also required to assess the appropriateness of the control access over the other resources. They are required to access the endpoints and ensure that there is sufficient security. This would help towards gaining legitimate access towards the cloud resources (Halpert, 2011). Moreover, the service level agreement is required to be considered all communication and correspondence between the different vendors.
The audit process encompasses various phrases which include the planning process. In the planning process, it is required to understand the nature of the business. In the planning process, it requires examination of the controls and the procedures, the structure of the organization, the terms and the reviews and also understanding the application and also the comprehensive control review (Halpert, 2011). The next stage is the control examination phrase where the auditor is required to access the quality and towards specifying the degree to rely on. They are also required to execute and examine the control and test the outcome.