Cloud Computing - Emerging Opportunities in the CA Profession

4
Cloud Computing – Emerging Opportunities for the profession Anand Prakash Jangid and Bharath Rao Venturing into a whole new level of consultancy and assurance History and Introduction We are now part of a system that is revolving around Automation, Flexibility and Convenience. Work at a slow pace is not tolerated. We require the work to be completed at the fastest time and at zero errors. Ever since the advent of computers, man has been able to increase his working speed at an exponential rate. Right from the abacus to the smart phone, newer ways and methods are being developed with the objective of providing Automation, Flexibility and Convenience. The invention of the internet has played a massive role for connecting the world and making it as a global village. Business have been set up by responsible entrepreneurs and have leveraged these benefits of the computer and the internet. Computers is now part of everybody’s life whether he l ikes it or not. Computers play an important role in one’s life as it helps in the fields of Education, Medicine, Health, Business, Profession, Industry etc. Thus it is inevitable to progress without the help of the digital magic-box. The presence of internet has grown so large that everything now resides on a network. All the data is present on the internet and is available at a tap of a screen. Yes the phrase “click of a mouse” is now history. Business on the Cloud Businesses have capitalised on the cloud to perform their business operations to meet their objectives. The cloud is a concept evolved from the internet which, in simple parlance, refers to, a digital system present on the internet providing a platform to create, store, process and circulate data (SaaS – Software-as-a-Service). This digital system also provides a platform to develop one’s own custom applications (PaaS – Platform-as-a-Service) and provides resources to host those (IaaS – Infrastructure- as-a-Service). This digital system is accessible from any device and from any location of the world. The key benefit of the cloud is that, all of the above mentioned functions is performed on systems that are owned by someone else. This has resulted in a way of running an enterprise using the cloud. Critical financial transactions run from the cloud. The cloud stores data which are sensitive. Cardholder’s data, Intellectual Property, Business Secrets, Bank Information, Supply Chain Information, Customer and Vendor Data are some examples. Some business functions like swift payments, NEFT and RTGS, Credit Card Payments, Enterprise Resource Planning, Governance, Risk Management and Compliance are performed using the cloud. This is possible as investment on capital expenditure is not required as one would rely on cloud service providers and would incur costs on a subscription based release of payments. It is crucial that controls have to be in place at critical aspects of the cloud in order to ensure that the confidentiality, integrity and availability of the data is not compromised.

Transcript of Cloud Computing - Emerging Opportunities in the CA Profession

Page 1: Cloud Computing - Emerging Opportunities in the CA Profession

Cloud Computing – Emerging Opportunities for the profession

Anand Prakash Jangid and Bharath Rao

Venturing into a whole new level of consultancy and assurance

History and Introduction

We are now part of a system that is revolving around Automation, Flexibility and Convenience. Work

at a slow pace is not tolerated. We require the work to be completed at the fastest time and at zero

errors. Ever since the advent of computers, man has been able to increase his working speed at an

exponential rate. Right from the abacus to the smart phone, newer ways and methods are being

developed with the objective of providing Automation, Flexibility and Convenience. The invention of the internet has played a massive role for connecting the world and making it as a global village.

Business have been set up by responsible entrepreneurs and have leveraged these benefits of the

computer and the internet. Computers is now part of everybody’s life whether he l ikes it or not.

Computers play an important role in one’s life as it helps in the fields of Education, Medicine, Health,

Business, Profession, Industry etc. Thus it is inevitable to progress without the help of the digital

magic-box. The presence of internet has grown so large that everything now resides on a network. All

the data is present on the internet and is available at a tap of a screen. Yes the phrase “click of a mouse” is now history.

Business on the Cloud

Businesses have capitalised on the cloud to perform their business operations to meet their objectives.

The cloud is a concept evolved from the internet which, in simple parlance, refers to, a digital system

present on the internet providing a platform to create, store, process and circulate data (SaaS –

Software-as-a-Service). This digital system also provides a platform to develop one’s own custom

applications (PaaS – Platform-as-a-Service) and provides resources to host those (IaaS – Infrastructure-

as-a-Service). This digital system is accessible from any device and from any location of the world. The

key benefit of the cloud is that, all of the above mentioned functions is performed on systems that are owned by someone else.

This has resulted in a way of running an enterprise using the cloud. Critical financial transactions run

from the cloud. The cloud stores data which are sensitive. Cardholder’s data, Intellectual Property,

Business Secrets, Bank Information, Supply Chain Information, Customer and Vendor Data are some

examples. Some business functions like swift payments, NEFT and RTGS, Credit Card Payments,

Enterprise Resource Planning, Governance, Risk Management and Compliance are performed using

the cloud. This is possible as investment on capital expenditure is not required as one would rely on cloud service providers and would incur costs on a subscription based release of payments.

It is crucial that controls have to be in place at critical aspects of the cloud in order to ensure that the confidentiality, integrity and availability of the data is not compromised.

Page 2: Cloud Computing - Emerging Opportunities in the CA Profession

Chartered Accountant and the Cloud

A Chartered Accountant has a unique blend of qualities. A CA can be referred as a Techno-Functional-

Legal quality equipped person. Such qualities are developed together only in this profession. A CA can

provide enormous value addition in order to develop controls and audit them.

Leveraging on providing consultancy for Cloud Compliance is a path a CA can opt for in providing

significant value addition to his client. Operating on the cloud has led to the following risks as per the report provided by Cloud Security Alliance in 2014.

Cloud Threats

At an unprecedented pace, cloud computing has simultaneously transformed business and

government, and created new security challenges. The development of the cloud service model

delivers business-supporting technology more efficiently than ever before. The shift from server to

service-based thinking is transforming the way technology departments think about, design, and

deliver computing technology and applications. Yet these advances have created new security vulnerabilities, including security issues whose full impact is still emerging.

The following are identified as critical threats to cloud security (ranked in order of severity):

1. Data Breaches 2. Data Loss 3. Account Hijacking 4. Insecure APIs 5. Denial of Service 6. Malicious Insiders 7. Abuse of Cloud Services 8. Insufficient Due Diligence 9. Shared Technology Issues

Design of a Control Framework

Preparation for the implementation has to be given the great importance. Due care has to be taken

for a strong implementation of the Business on the Cloud. Depending on the strength that is present

in the foundation, further expansion of the platform can be performed smoothly.

Chartered Accountant

Design of Control

Framework

Audit of Control

Framework

Support for better

Compliance

Page 3: Cloud Computing - Emerging Opportunities in the CA Profession

In the design of the Cloud Control Framework, a CA can add maximum value addition as designing the

business model is the very solution for the Cloud Platform. This model has the following components

- Understanding the Business Entity.

- Understanding the Business Operations Standard operating procedure.

- Performing a Business Process re-engineering.

- Design of Automated Internal Control checks in the system.

- Design of Preventive and Detective Internal Controls on the Business Applications and the Cloud Support.

All of the above constitute the model/framework on which the business would now operate on. The

controls would be then tested with data. The data may or may not be live data. However, a CA can facilitate the test.

Upon successful completion of the tests, the framework would have to be implemented in the Cloud.

In simple words, Cloud would be configured to operate business, cater customers and maintain relationship with the customer and vendors.

A CA can leverage Frameworks like the COBIT 5 Framework and COSO Internal Control Framework.

Publications like the COBIT 5 Risk and COBIT 5 Implementation by ISACA and Cloud Control Matrix by

Cloud Security Alliance would help the CA to decide on the control objectives and controls that would need to be present in the cloud environment and thus will design an effective control framework.

Audit of a Cloud Control Framework

A CA’s primary role of value addition is Auditing. A CA by virtue of his signature can provide the

following Assurance Services to the client with the following scope of activities –

- Privacy Laws are complied with

- Sufficient preventive and detective controls are in place and are continuously monitored

against the identified risks

- Ensuring that there is no data leakage from the platform

- Reviewing the storage controls that is implemented keeping

- Reviewing that sufficient and adequate security measures have been deployed to protect the

personally identifiable information of others

- Ensuring that the controls enforced by the Cloud Business Applications are operating

effectively

- Ensuring that the control design is adequate to the nature and size of the business

The COBIT 5 Framework provides an approach that can be adopted by an assurance professional to

provide assurance in an IT Environment. The Cloud Control Matrix by CSA is a Risk and Control Matrix

developed in order to have an industrial security benchmark on the Cloud. A CA can leverage these

documents to provide assurance as mentioned above.

Regulations

There are many regulations to be complied at different geographical locations. Privacy Laws and Data

Governance Laws are the primary two laws that need to be complied at an international level. Bench

marked laws like that Sarbanes-Oxley Act, Companies Act 1956, PCI-DSS compliance can be complied

by providing adequate consultancy and recommendations to the client on a regular basis. A CA can

Page 4: Cloud Computing - Emerging Opportunities in the CA Profession

help the client to comply the ISO 27000 family, ISO 22301, SSAE 16, Companies Act 2013, HIPAA, Sarbanes-Oxley Act etc.

Conclusion

Usage of the Cloud is gaining scope at a tremendous rate on a daily basis. People rely on the cloud as

a primary resource to host and control their business. Cloud Computing has certainly paved a new path to Chartered Accountants to provide a fresh line of Consultancy and Assurance Services.