Business in the Cloud: Research Questions on Governance, Audit, and Assurance

Abstract

ABSTRACT Cloud computing services are finding rapid adoption as organizations seek cost reduction, technical expertise, flexibility, and adaptable mechanisms to attain advantages in fast-moving business environments. The related considerations of governance, audit, and assurance of cloud computing services might be inadvertently overlooked in a rush to adopt these cloud services. This paper focuses on cloud computing governance and audit issues by presenting research questions informed by both practice and research. A cloud computing ecosystem is presented and an IT Governance framework (Wilkin and Chenhall 2010) is referenced as a means to structure research questions. Key issues of risk, security, monitoring, control, and compliance should be considered early in the cloud services decision process. The tight coupling of intercompany operations between the cloud client and cloud provider(s) forms an interdependent, operationally coupled ecosystem. Planned governance is needed to achieve a well-governed, functional, and secure cloud computing environment. The audit role is complicated when the organization's financial data and/or critical applications are hosted externally with a cloud service provider that may use other cloud service providers.