Read Internal Auditor August 2019 online
LET OP: Vanaf 2018 dien je in je ledenprofiel van IIA Nederland aan te geven of je toegang wilt tot de digitale versie van Internal Auditor. De online versie én de app zijn gratis te bezoeken wanneer je lid bent van IIA Nederland, maar het moet wel bij ons bekend zijn dat je die toegang wilt. Je krijgt dan een IIA Global inlog zodat je op de website en in de app kunt inloggen. Lees meer
Fortress in the cloud
"Cloud computing has quickly risen to become a dominant business technology. Public cloud adoption, in fact, now stands at 91% among organizations, according to software company Flexera’s State of the Cloud Survey. And it’s only expected to grow from there. Analysts at Gartner say more than half of global enterprises already using the cloud will have gone all-in by 2021.
Collectively, that places a lot of responsibility for organizational data outside the enterprise. And while cloud migration can lead to significant efficiencies and cost savings, the potential risks of third-party data management cannot be ignored. Reuters, for example, recently reported that several large cloud providers were affected by a series of cyber intrusions suspected to originate in China. Victims, Reuters reports, include Computer Sciences Corp., Fujitsu, IBM, and Tata Consultancy Services. The news agency’s chilling quote from Mike Rogers, former director of the U.S. National Security Agency, emphasizes the gravity of these breaches: “For those that thought the cloud was a panacea, I would say you haven’t been paying attention.”
As noted in this issue’s cover story, “Security in the Cloud” (page 20), growing use of cloud services creates new challenges for internal auditors. Writer Arthur Piper, for example, points to issues arising from the cloud’s unique infrastructure and the “lack of visibility of fourth- and fifth-level suppliers.” He also cites the cloud’s opaque nature and rapid pace of development as potential areas of difficulty. Addressing these issues, he says, requires internal audit to work with a wide range of business stakeholders — especially those in IT — and to secure staff with the right type of expertise.
The need to focus on these areas is supported by a recent report from the Internal Audit Foundation, Internal Auditors’ Response to Disruptive Innovation. Among practitioners surveyed for the research, a consistent theme emerged with regard to cloud computing — to be successful, internal audit should build relationships with IT, before moving to the cloud. Multiple respondents also recommend bringing in personnel with specialized IT skills to facilitate the evaluation of cloud controls. Moreover, they noted the importance of evaluating not only standard internal controls in areas like data security and privacy, but soft controls, such as institutional knowledge, as well.
Of course, cloud computing is only the tip of the iceberg when it comes to challenges around disruptive technology. Among other IT innovations affecting practitioners, artificial intelligence and the Internet of Things are equally impactful. We examine each of these areas in “Stronger Assurance Through Machine Learning” (page 27) and “Wrangling the Internet of Things” (page 32), respectively. And be sure to visit the Technology section of our website, InternalAuditor.org, for insights and perspectives on other IT-related developments affecting the profession."
~David Salierno
