Cloud Computing Audit Checklist
This appendix contains a high-level audit checklist based on selected key points introduced throughout the book. More detail on each item can be found in the corresponding chapter.
Cloud-Based IT Audit Process (Chapter 2)
Has the organization applied overall risk management governance to the cloud-provided services? Have relevant risks been identified and treated, including the consideration of insurance where appropriate?
Has legal counsel been engaged to evaluate provider contracts and address data protection, confidentiality, and intellectual property issues? Have issues such as source code escrow for provided applications been addressed? What if there is a change in control of the cloud provider?
When an existing, internally hosted system is moved to the cloud, have the controls that were provided internally but are not provided in the cloud been identified? When the system was developed internally and is later moved to the cloud, which controls did developers assume or develop that are not provided in the cloud?