Cloud Computing - Emerging Opportunities in the CA Profession
-
Upload
bharath-rao -
Category
Business
-
view
115 -
download
2
Transcript of Cloud Computing - Emerging Opportunities in the CA Profession
Cloud Computing – Emerging Opportunities for the profession
Anand Prakash Jangid and Bharath Rao
Venturing into a whole new level of consultancy and assurance
History and Introduction
We are now part of a system that is revolving around Automation, Flexibility and Convenience. Work
at a slow pace is not tolerated. We require the work to be completed at the fastest time and at zero
errors. Ever since the advent of computers, man has been able to increase his working speed at an
exponential rate. Right from the abacus to the smart phone, newer ways and methods are being
developed with the objective of providing Automation, Flexibility and Convenience. The invention of the internet has played a massive role for connecting the world and making it as a global village.
Business have been set up by responsible entrepreneurs and have leveraged these benefits of the
computer and the internet. Computers is now part of everybody’s life whether he l ikes it or not.
Computers play an important role in one’s life as it helps in the fields of Education, Medicine, Health,
Business, Profession, Industry etc. Thus it is inevitable to progress without the help of the digital
magic-box. The presence of internet has grown so large that everything now resides on a network. All
the data is present on the internet and is available at a tap of a screen. Yes the phrase “click of a mouse” is now history.
Business on the Cloud
Businesses have capitalised on the cloud to perform their business operations to meet their objectives.
The cloud is a concept evolved from the internet which, in simple parlance, refers to, a digital system
present on the internet providing a platform to create, store, process and circulate data (SaaS –
Software-as-a-Service). This digital system also provides a platform to develop one’s own custom
applications (PaaS – Platform-as-a-Service) and provides resources to host those (IaaS – Infrastructure-
as-a-Service). This digital system is accessible from any device and from any location of the world. The
key benefit of the cloud is that, all of the above mentioned functions is performed on systems that are owned by someone else.
This has resulted in a way of running an enterprise using the cloud. Critical financial transactions run
from the cloud. The cloud stores data which are sensitive. Cardholder’s data, Intellectual Property,
Business Secrets, Bank Information, Supply Chain Information, Customer and Vendor Data are some
examples. Some business functions like swift payments, NEFT and RTGS, Credit Card Payments,
Enterprise Resource Planning, Governance, Risk Management and Compliance are performed using
the cloud. This is possible as investment on capital expenditure is not required as one would rely on cloud service providers and would incur costs on a subscription based release of payments.
It is crucial that controls have to be in place at critical aspects of the cloud in order to ensure that the confidentiality, integrity and availability of the data is not compromised.
Chartered Accountant and the Cloud
A Chartered Accountant has a unique blend of qualities. A CA can be referred as a Techno-Functional-
Legal quality equipped person. Such qualities are developed together only in this profession. A CA can
provide enormous value addition in order to develop controls and audit them.
Leveraging on providing consultancy for Cloud Compliance is a path a CA can opt for in providing
significant value addition to his client. Operating on the cloud has led to the following risks as per the report provided by Cloud Security Alliance in 2014.
Cloud Threats
At an unprecedented pace, cloud computing has simultaneously transformed business and
government, and created new security challenges. The development of the cloud service model
delivers business-supporting technology more efficiently than ever before. The shift from server to
service-based thinking is transforming the way technology departments think about, design, and
deliver computing technology and applications. Yet these advances have created new security vulnerabilities, including security issues whose full impact is still emerging.
The following are identified as critical threats to cloud security (ranked in order of severity):
1. Data Breaches 2. Data Loss 3. Account Hijacking 4. Insecure APIs 5. Denial of Service 6. Malicious Insiders 7. Abuse of Cloud Services 8. Insufficient Due Diligence 9. Shared Technology Issues
Design of a Control Framework
Preparation for the implementation has to be given the great importance. Due care has to be taken
for a strong implementation of the Business on the Cloud. Depending on the strength that is present
in the foundation, further expansion of the platform can be performed smoothly.
Chartered Accountant
Design of Control
Framework
Audit of Control
Framework
Support for better
Compliance
In the design of the Cloud Control Framework, a CA can add maximum value addition as designing the
business model is the very solution for the Cloud Platform. This model has the following components
–
- Understanding the Business Entity.
- Understanding the Business Operations Standard operating procedure.
- Performing a Business Process re-engineering.
- Design of Automated Internal Control checks in the system.
- Design of Preventive and Detective Internal Controls on the Business Applications and the Cloud Support.
All of the above constitute the model/framework on which the business would now operate on. The
controls would be then tested with data. The data may or may not be live data. However, a CA can facilitate the test.
Upon successful completion of the tests, the framework would have to be implemented in the Cloud.
In simple words, Cloud would be configured to operate business, cater customers and maintain relationship with the customer and vendors.
A CA can leverage Frameworks like the COBIT 5 Framework and COSO Internal Control Framework.
Publications like the COBIT 5 Risk and COBIT 5 Implementation by ISACA and Cloud Control Matrix by
Cloud Security Alliance would help the CA to decide on the control objectives and controls that would need to be present in the cloud environment and thus will design an effective control framework.
Audit of a Cloud Control Framework
A CA’s primary role of value addition is Auditing. A CA by virtue of his signature can provide the
following Assurance Services to the client with the following scope of activities –
- Privacy Laws are complied with
- Sufficient preventive and detective controls are in place and are continuously monitored
against the identified risks
- Ensuring that there is no data leakage from the platform
- Reviewing the storage controls that is implemented keeping
- Reviewing that sufficient and adequate security measures have been deployed to protect the
personally identifiable information of others
- Ensuring that the controls enforced by the Cloud Business Applications are operating
effectively
- Ensuring that the control design is adequate to the nature and size of the business
The COBIT 5 Framework provides an approach that can be adopted by an assurance professional to
provide assurance in an IT Environment. The Cloud Control Matrix by CSA is a Risk and Control Matrix
developed in order to have an industrial security benchmark on the Cloud. A CA can leverage these
documents to provide assurance as mentioned above.
Regulations
There are many regulations to be complied at different geographical locations. Privacy Laws and Data
Governance Laws are the primary two laws that need to be complied at an international level. Bench
marked laws like that Sarbanes-Oxley Act, Companies Act 1956, PCI-DSS compliance can be complied
by providing adequate consultancy and recommendations to the client on a regular basis. A CA can
help the client to comply the ISO 27000 family, ISO 22301, SSAE 16, Companies Act 2013, HIPAA, Sarbanes-Oxley Act etc.
Conclusion
Usage of the Cloud is gaining scope at a tremendous rate on a daily basis. People rely on the cloud as
a primary resource to host and control their business. Cloud Computing has certainly paved a new path to Chartered Accountants to provide a fresh line of Consultancy and Assurance Services.