Knowledge Byte: What You Need to Know About Cloud Computing Audits

Paulo Guimarães

An audit is a systematic and independent verification of statements made by an enterprise. In the same way that a financial audit independently verifies the financial statements made by management, a compliance audit verifies that the statement of compliance is accurate. The result of an audit is an assurance that the statement is correct.

The tools used by the auditor depend on the type of statement made. In IT there are statements about technology and statements about management processes. Likewise, the tools used to collect information and evidence are wide-ranging.

An audit is likely to start with a review of existing documentation and earlier reports. This information is then extended and validated in interviews with staff and possibly other stakeholders of the enterprise. Information obtained from these sources is then validated and cross-checked with spot checks, samples, and observations. These can be manual or automatic. For example, most computer systems and applications contain configuration information and generate lots of log files.

In the NIST cloud model, there is a specific mention of the Cloud Auditor, which conducts independent performance and security monitoring of cloud services.

Although every company is different and each audit will vary, these are a few of the points that need to be addressed when conducting audits:

  • Audits can be conducted by internal departments or by external firms
  • Agree on audit scope and phasing
  • Audit result
  • In a cloud context, the audit result is important to a larger number of stakeholders.

Requirements by Auditors

Some examples of things required by auditors are:

  • Document standards and repository
  • SLAs, Security policy, system description, control framework
  • Evidence (documents, paper or digital)
  • Process evidence (samples and spot checks)

Every audit has a scope that distinguishes what is checked from what is not checked. This scope is probably established by the stakeholder who is paying for the audit. The scope influences the amount of work required of the auditor as well as of the organization that is being audited. The result of the audit is a report (sometimes called a statement) by the auditor about the accuracy of the records or the truth of the compliance statement. This is no more or less than an opinion by the auditor. When an auditor issues a verification of compliance, the auditor’s report may or may not include recommendations on how to address any issues that have been noted. In a cloud context, there are typically many consumers who are also interested in the audit statements. Consumers would like to rely on statements made by auditors but must be aware of the scope against which the audit was conducted.
