Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Cloud Computing - Emerging Opportunities in the CA Profession


Published on

In the present era, everything runs in the cloud. The development of Cloud computing technology and led to a sharp decrease of Capital Expenditure for industries. It has also led to their solutions being made available everywhere and at any device.

This article provides functional knowledge as to how a Chartered Accountant may provide value addition for the development of Internal Controls that protect the Confidentiality, Integrity, Availabilty and Privacy of the data being used by the Cloud.

Published in: Business
  • Be the first to comment

  • Be the first to like this

Cloud Computing - Emerging Opportunities in the CA Profession

  1. 1. Cloud Computing – Emerging Opportunities for the profession Anand Prakash Jangid and Bharath Rao Venturing into a whole new level of consultancy and assurance History and Introduction We are nowpart of a systemthat is revolvingaroundAutomation,FlexibilityandConvenience.Work at a slowpace is not tolerated.We require the work to be completedatthe fastesttime andat zero errors. Ever since the advent of computers, man has been able to increase his working speed at an exponential rate. Right from the abacus to the smart phone, newer ways and methods are being developedwiththe objective of providingAutomation,FlexibilityandConvenience.The inventionof the internet has played a massive role for connecting the world and making it as a global village. Business have been set up by responsible entrepreneurs and have leveraged these benefits of the computer and the internet. Computers is now part of everybody’s life whether he likes it or not. Computersplayanimportantrole inone’slife asit helpsinthe fieldsof Education,Medicine,Health, Business, Profession, Industry etc. Thus it is inevitable to progress without the help of the digital magic-box.The presenceof internethasgrownsolarge thateverythingnow residesonanetwork.All the data is present on the internet and is available at a tap of a screen. Yes the phrase “click of a mouse” is now history. Business on the Cloud Businesseshave capitalisedonthecloudtoperformtheirbusinessoperationstomeettheirobjectives. The cloudisa conceptevolvedfromthe internetwhich,insimple parlance,refersto,adigital system present on the internet providing a platform to create, store, process and circulate data (SaaS – Software-as-a-Service). This digital system also provides a platform to develop one’s own custom applications (PaaS–Platform-as-a-Service) andprovidesresourcestohost those(IaaS–Infrastructure- as-a-Service).Thisdigitalsystemisaccessiblefromanydeviceandfromanylocationof the world. The keybenefitof the cloudisthat,all of the abovementionedfunctionsisperformedonsystemsthatare owned by someone else. This has resultedina way of runningan enterprise usingthe cloud. Critical financial transactionsrun from the cloud. The cloud stores data which are sensitive. Cardholder’s data, Intellectual Property, Business Secrets, Bank Information,Supply Chain Information,Customer and Vendor Data are some examples. Some business functions like swift payments, NEFT and RTGS, Credit Card Payments, Enterprise Resource Planning, Governance, Risk Management and Compliance are performed using the cloud. This is possible as investment on capital expenditure is not requiredas one would rely on cloud service providers and would incur costs on a subscription based release of payments. It iscrucial that controlshave tobe inplace at critical aspectsof the cloudin orderto ensure thatthe confidentiality, integrity and availability of the data is not compromised.
  2. 2. Chartered Accountant and the Cloud A CharteredAccountanthasaunique blendof qualities.A CA canbe referredas a Techno-Functional- Legal qualityequipped person.Suchqualitiesare developedtogetheronlyinthisprofession.A CA can provide enormous value addition in order to develop controls and audit them. Leveraging on providing consultancy for Cloud Compliance is a path a CA can opt for in providing significantvalueadditiontohisclient.Operatingonthe cloudhasledto the followingrisksasperthe report provided by Cloud Security Alliance in 2014. Cloud Threats At an unprecedentedpace,cloudcomputinghassimultaneouslytransformedbusinessand government,andcreatednewsecuritychallenges.The developmentof the cloudservice model deliversbusiness-supportingtechnologymore efficientlythaneverbefore.The shiftfromserverto service-basedthinkingistransformingthe waytechnologydepartmentsthinkabout,design,and delivercomputingtechnologyand applications.Yetthese advanceshave creatednew security vulnerabilities,includingsecurityissueswhose full impactisstill emerging. The followingare identifiedascritical threatstocloudsecurity(rankedinorderof severity): 1. Data Breaches 2. Data Loss 3. Account Hijacking 4. Insecure APIs 5. Denial of Service 6. MaliciousInsiders 7. Abuse of CloudServices 8. InsufficientDue Diligence 9. SharedTechnologyIssues Design of a Control Framework Preparation for the implementation has to be giventhe great importance. Due care has to be taken for a strong implementationof the Businessonthe Cloud.Dependingonthe strengththat ispresent in the foundation, further expansion of the platform can be performed smoothly. Chartered Accountant Design of Control Framework Audit of Control Framework Support for better Compliance
  3. 3. Inthe designof the CloudControl Framework,aCA can addmaximumvalue additionasdesigningthe businessmodel isthe verysolutionforthe CloudPlatform.Thismodel hasthe followingcomponents – - Understanding the Business Entity. - Understanding the Business Operations Standard operating procedure. - Performing a Business Process re-engineering. - Design of Automated Internal Control checks in the system. - Design of Preventive and Detective Internal Controls on the Business Applications and the Cloud Support. All of the above constitute the model/framework onwhichthe businesswouldnow operate on.The controls would be then tested withdata. The data may or may not be live data. However,a CA can facilitate the test. Upon successful completionof the tests,the frameworkwouldhave tobe implementedinthe Cloud. In simple words, Cloud would be configured to operate business, cater customers and maintain relationship with the customer and vendors. A CA can leverage Frameworks like the COBIT 5 Framework and COSO Internal Control Framework. Publicationslike the COBIT5 Riskand COBIT 5 Implementation byISACA andCloudControl Matrix by CloudSecurityAlliance wouldhelpthe CA to decide onthe control objectivesandcontrolsthatwould needto be present in the cloud environment and thus will design an effective control framework. Audit of a Cloud Control Framework A CA’s primary role of value addition is Auditing. A CA by virtue of his signature can provide the following Assurance Services to the client with the following scope of activities – - Privacy Laws are complied with - Sufficient preventive and detective controls are in place and are continuously monitored against the identified risks - Ensuring that there is no data leakage from the platform - Reviewing the storage controls that is implemented keeping - Reviewingthatsufficientandadequate securitymeasureshave beendeployedtoprotectthe personally identifiable information of others - Ensuring that the controls enforced by the Cloud Business Applications are operating effectively - Ensuring that the control design is adequate to the nature and size of the business The COBIT 5 Framework providesan approach that can be adopted by an assurance professional to provide assurance inanIT Environment.The CloudControl Matrix byCSA isa Riskand Control Matrix developed in order to have an industrial security benchmark on the Cloud. A CA can leverage these documents to provide assurance as mentioned above. Regulations There are many regulationstobe compliedatdifferentgeographicallocations.PrivacyLawsandData Governance Lawsare the primarytwolawsthat needto be compliedatan international level.Bench markedlawslike thatSarbanes-OxleyAct,CompaniesAct 1956, PCI-DSScompliance canbe complied by providing adequate consultancy and recommendations to the client on a regular basis. A CA can
  4. 4. help the client to comply the ISO 27000 family, ISO 22301, SSAE 16, Companies Act 2013, HIPAA, Sarbanes-Oxley Act etc. Conclusion Usage of the Cloudisgainingscope at a tremendousrate ona dailybasis.People relyonthe cloudas a primary resource to host and control their business. Cloud Computing has certainly paved a new path to Chartered Accountants to provide a fresh line of Consultancy and Assurance Services.