ISACA has issued a new guide of practical steps for assurance and control in the cloud, Controls and Assurance in the Cloud: Using COBIT 5.

The guide, meant to help companies find value in and adopt cloud solutions, also focuses on avoiding information security challenges.

According to the ISACA (formerly known as the Information Systems Audit and Control Association), these 13 items often lead to cloud challenges:

1.    Location of data
2.    Commingled data
3.    Security policy/procedure transparency (or lack thereof)
4.    Cloud data ownership
5.    Lock-in with cloud service provider’s proprietary application program interfaces
6.    Record protection for forensic audits
7.    Identity and access management
8.    Screening of other cloud computing clients
9.    Compliance requirements
10.    Data disposal
11.    Portability
12.    Service provider viability
13.    Backup and rollout capabilities

The publication provides the following tools to meet these challenges and provide effective governance and management of cloud initiatives:

•    Cloud risk scenarios
•    Contractual provisions
•    A cloud governance checklist
•    A practical approach to measuring cloud ROI
•    A cloud computing assurance program
•    A process capability assessment
•    Questions boards of directors need to consider

“Cloud initiatives transform business and need to be treated holistically, including addressing governance, risk management, operational, assurance and security considerations,” stated Phil Lageschulte, partner at KPMG and chair of ISACA’s guidance and practices committee. “This guide looks at all of those areas and helps companies ensure that their cloud initiatives are not only delivering value and meeting business goals—but also  managing the new and potentially elevated  risks.”

Controls and Assurance in the Cloud is a complete update to ISACA’s earlier IT Control Objectives for Cloud Computing. The book, which ISACA members can download free of charge, is available at

Register or login for access to this item and much more

All Accounting Today content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access