In a recent article in CNN’s Money, there was a discussion about IBM shifting its corporate strategy away from hardware in favor of cloud computing services. The article says “The company was ill-prepared for its customers' sudden warm embrace of cloud computing. Why buy big, expensive IBM mainframes and servers when you can pay Amazon (AMZN, Tech30) or Microsoft (MSFT, Tech30) to house all your data for you – for cheaper? Why spend money on software for your computers, when those programs can be hosted in the cloud?”
The shift away from the traditional business model of keeping all IT resources in house is impacting everyone. IT departments in every industry, public and private sectors, and in companies both big and small are advising management to move to cloud computing. If you want to learn about the basics of cloud computing, Amazon Web Services has a wonderful explanation on its website.
The move to cloud computing is directly impacting internal audit departments. Many departments use internal audit software for risk assessments, resource management, audit documentation, reporting, and data analytics. Your IT department may push you to a cloud solution, and the vendor you choose could either provide cloud-only software or have both cloud and on-premise options. So how do you know what to choose?
Let’s first assume the internal audit software solution you are considering meets your functional needs. Addressing the installation options really depends on your IT Security needs, and there are three important variables to consider.
If you do pursue a cloud computing option, do your own due diligence to find the option that works best for your team and still meets your IT department’s requirements. Remember to evaluate a cloud service provider in accordance with the COSO 2013 framework as an Outsourced Service Provider (OSP). Dependency on OSPs changes the risks of business activities and creates challenges in monitoring activities and related controls. You ultimately have responsibility for the chosen OSP’s system of internal control, so choose wisely. At TeamMate, we take pride in following internal audit industry standards and hosting best practices in our TeamCloud environment. If you are not using TeamMate for your audit department’s cloud computing needs, be sure you choose a vendor who also follows best practices.
Toby is a Certified Internal Auditor (CIA) who holds an MBA with an Internal Audit specialization from Louisiana State University. He is also certified in Control Self-Assessment (CCSA), Risk Management Assurance (CRMA), Internal Control (CICA), and Fraud Examination (CFE). His professional background includes identification and documentation of weaknesses that result in heightened business risk, while recommending solutions to such situations. Toby began his career in internal audit with Macy's Inc. He then worked as an implementation and training consultant for Wolters Kluwer. As a Senior Market Development Consultant at Wolters Kluwer, Toby works with organizations that are looking for software solutions to their audit, risk and compliance needs.
Throughout his career, Toby has assisted numerous internal audit departments create, perform, and supervise financial, operational, and compliance audits to evaluate control frameworks, financial systems and operating procedures.