SlideShare a Scribd company logo
Cloud Computing – Emerging
Opportunities for the profession
Anand Prakash Jangid and Bharath Rao
Venturing into a whole new level of consultancy and assurance
History and Introduction
We are nowpart of a systemthat is revolvingaroundAutomation,FlexibilityandConvenience.Work
at a slowpace is not tolerated.We require the work to be completedatthe fastesttime andat zero
errors. Ever since the advent of computers, man has been able to increase his working speed at an
exponential rate. Right from the abacus to the smart phone, newer ways and methods are being
developedwiththe objective of providingAutomation,FlexibilityandConvenience.The inventionof
the internet has played a massive role for connecting the world and making it as a global village.
Business have been set up by responsible entrepreneurs and have leveraged these benefits of the
computer and the internet. Computers is now part of everybody’s life whether he likes it or not.
Computersplayanimportantrole inone’slife asit helpsinthe fieldsof Education,Medicine,Health,
Business, Profession, Industry etc. Thus it is inevitable to progress without the help of the digital
magic-box.The presenceof internethasgrownsolarge thateverythingnow residesonanetwork.All
the data is present on the internet and is available at a tap of a screen. Yes the phrase “click of a
mouse” is now history.
Business on the Cloud
Businesseshave capitalisedonthecloudtoperformtheirbusinessoperationstomeettheirobjectives.
The cloudisa conceptevolvedfromthe internetwhich,insimple parlance,refersto,adigital system
present on the internet providing a platform to create, store, process and circulate data (SaaS –
Software-as-a-Service). This digital system also provides a platform to develop one’s own custom
applications (PaaS–Platform-as-a-Service) andprovidesresourcestohost those(IaaS–Infrastructure-
as-a-Service).Thisdigitalsystemisaccessiblefromanydeviceandfromanylocationof the world. The
keybenefitof the cloudisthat,all of the abovementionedfunctionsisperformedonsystemsthatare
owned by someone else.
This has resultedina way of runningan enterprise usingthe cloud. Critical financial transactionsrun
from the cloud. The cloud stores data which are sensitive. Cardholder’s data, Intellectual Property,
Business Secrets, Bank Information,Supply Chain Information,Customer and Vendor Data are some
examples. Some business functions like swift payments, NEFT and RTGS, Credit Card Payments,
Enterprise Resource Planning, Governance, Risk Management and Compliance are performed using
the cloud. This is possible as investment on capital expenditure is not requiredas one would rely on
cloud service providers and would incur costs on a subscription based release of payments.
It iscrucial that controlshave tobe inplace at critical aspectsof the cloudin orderto ensure thatthe
confidentiality, integrity and availability of the data is not compromised.
Chartered Accountant and the Cloud
A CharteredAccountanthasaunique blendof qualities.A CA canbe referredas a Techno-Functional-
Legal qualityequipped person.Suchqualitiesare developedtogetheronlyinthisprofession.A CA can
provide enormous value addition in order to develop controls and audit them.
Leveraging on providing consultancy for Cloud Compliance is a path a CA can opt for in providing
significantvalueadditiontohisclient.Operatingonthe cloudhasledto the followingrisksasperthe
report provided by Cloud Security Alliance in 2014.
Cloud Threats
At an unprecedentedpace,cloudcomputinghassimultaneouslytransformedbusinessand
government,andcreatednewsecuritychallenges.The developmentof the cloudservice model
deliversbusiness-supportingtechnologymore efficientlythaneverbefore.The shiftfromserverto
service-basedthinkingistransformingthe waytechnologydepartmentsthinkabout,design,and
delivercomputingtechnologyand applications.Yetthese advanceshave creatednew security
vulnerabilities,includingsecurityissueswhose full impactisstill emerging.
The followingare identifiedascritical threatstocloudsecurity(rankedinorderof severity):
1. Data Breaches
2. Data Loss
3. Account Hijacking
4. Insecure APIs
5. Denial of Service
6. MaliciousInsiders
7. Abuse of CloudServices
8. InsufficientDue Diligence
9. SharedTechnologyIssues
Design of a Control Framework
Preparation for the implementation has to be giventhe great importance. Due care has to be taken
for a strong implementationof the Businessonthe Cloud.Dependingonthe strengththat ispresent
in the foundation, further expansion of the platform can be performed smoothly.
Chartered Accountant
Design of
Control
Framework
Audit of
Control
Framework
Support for
better
Compliance
Inthe designof the CloudControl Framework,aCA can addmaximumvalue additionasdesigningthe
businessmodel isthe verysolutionforthe CloudPlatform.Thismodel hasthe followingcomponents
–
- Understanding the Business Entity.
- Understanding the Business Operations Standard operating procedure.
- Performing a Business Process re-engineering.
- Design of Automated Internal Control checks in the system.
- Design of Preventive and Detective Internal Controls on the Business Applications and the
Cloud Support.
All of the above constitute the model/framework onwhichthe businesswouldnow operate on.The
controls would be then tested withdata. The data may or may not be live data. However,a CA can
facilitate the test.
Upon successful completionof the tests,the frameworkwouldhave tobe implementedinthe Cloud.
In simple words, Cloud would be configured to operate business, cater customers and maintain
relationship with the customer and vendors.
A CA can leverage Frameworks like the COBIT 5 Framework and COSO Internal Control Framework.
Publicationslike the COBIT5 Riskand COBIT 5 Implementation byISACA andCloudControl Matrix by
CloudSecurityAlliance wouldhelpthe CA to decide onthe control objectivesandcontrolsthatwould
needto be present in the cloud environment and thus will design an effective control framework.
Audit of a Cloud Control Framework
A CA’s primary role of value addition is Auditing. A CA by virtue of his signature can provide the
following Assurance Services to the client with the following scope of activities –
- Privacy Laws are complied with
- Sufficient preventive and detective controls are in place and are continuously monitored
against the identified risks
- Ensuring that there is no data leakage from the platform
- Reviewing the storage controls that is implemented keeping
- Reviewingthatsufficientandadequate securitymeasureshave beendeployedtoprotectthe
personally identifiable information of others
- Ensuring that the controls enforced by the Cloud Business Applications are operating
effectively
- Ensuring that the control design is adequate to the nature and size of the business
The COBIT 5 Framework providesan approach that can be adopted by an assurance professional to
provide assurance inanIT Environment.The CloudControl Matrix byCSA isa Riskand Control Matrix
developed in order to have an industrial security benchmark on the Cloud. A CA can leverage these
documents to provide assurance as mentioned above.
Regulations
There are many regulationstobe compliedatdifferentgeographicallocations.PrivacyLawsandData
Governance Lawsare the primarytwolawsthat needto be compliedatan international level.Bench
markedlawslike thatSarbanes-OxleyAct,CompaniesAct 1956, PCI-DSScompliance canbe complied
by providing adequate consultancy and recommendations to the client on a regular basis. A CA can
help the client to comply the ISO 27000 family, ISO 22301, SSAE 16, Companies Act 2013, HIPAA,
Sarbanes-Oxley Act etc.
Conclusion
Usage of the Cloudisgainingscope at a tremendousrate ona dailybasis.People relyonthe cloudas
a primary resource to host and control their business. Cloud Computing has certainly paved a new
path to Chartered Accountants to provide a fresh line of Consultancy and Assurance Services.

More Related Content

What's hot

Task 2
Task 2Task 2
task 1
task 1task 1
Real Time Risk Management
Real Time Risk ManagementReal Time Risk Management
Real Time Risk Management
Mike Popham MBA PhD CPEng FRSA
 
Making Executives Accountable for IT Security
Making Executives Accountable for IT SecurityMaking Executives Accountable for IT Security
Making Executives Accountable for IT Security
Seccuris Inc.
 
Task 3
Task 3Task 3
Responding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for MerchantsResponding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for Merchants
- Mark - Fullbright
 
Data Loss Prevention (DLP) - Fundamental Concept - Eryk
Data Loss Prevention (DLP) - Fundamental Concept - ErykData Loss Prevention (DLP) - Fundamental Concept - Eryk
Data Loss Prevention (DLP) - Fundamental Concept - Eryk
Eryk Budi Pratama
 
Common Practice in Data Privacy Program Management
Common Practice in Data Privacy Program ManagementCommon Practice in Data Privacy Program Management
Common Practice in Data Privacy Program Management
Eryk Budi Pratama
 
Verizon 2014 pci compliance report
Verizon 2014 pci compliance reportVerizon 2014 pci compliance report
Verizon 2014 pci compliance report
Bee_Ware
 
Verizon 2014 PCI Compliance Report
Verizon 2014 PCI Compliance ReportVerizon 2014 PCI Compliance Report
Verizon 2014 PCI Compliance Report
- Mark - Fullbright
 
Internal Audit
Internal AuditInternal Audit
Internal Audit
Nigel Robinson
 
Big Data: Beyond the Hype - Why Big Data Matters to You
Big Data: Beyond the Hype - Why Big Data Matters to YouBig Data: Beyond the Hype - Why Big Data Matters to You
Big Data: Beyond the Hype - Why Big Data Matters to You
DATAVERSITY
 
eGRC for Information Export Control
eGRC for Information Export ControleGRC for Information Export Control
eGRC for Information Export Control
NextLabs, Inc.
 
Big Data Requires Big Protection
Big Data Requires Big ProtectionBig Data Requires Big Protection
Big Data Requires Big Protection
IBM Security
 
Database auditing essentials
Database auditing essentialsDatabase auditing essentials
Database auditing essentials
Craig Mullins
 
Compliance: The Digital Imperative in Financial Services
Compliance: The Digital Imperative in Financial ServicesCompliance: The Digital Imperative in Financial Services
Compliance: The Digital Imperative in Financial Services
Appian
 
Data privacy and security in uae
Data privacy and security in uaeData privacy and security in uae
Data privacy and security in uae
RishalHalid1
 
Business Intelligence and Data Security for Long-Term Care Financial Professi...
Business Intelligence and Data Security for Long-Term Care Financial Professi...Business Intelligence and Data Security for Long-Term Care Financial Professi...
Business Intelligence and Data Security for Long-Term Care Financial Professi...
Gross, Mendelsohn & Associates
 
COBIT 2019 - DIGITAL TRUST FRAMEWORK
COBIT 2019 - DIGITAL TRUST FRAMEWORKCOBIT 2019 - DIGITAL TRUST FRAMEWORK
COBIT 2019 - DIGITAL TRUST FRAMEWORK
Maganathin Veeraragaloo
 
IBM Solutions Connect 2013 - Getting started with Big Data
IBM Solutions Connect 2013 - Getting started with Big DataIBM Solutions Connect 2013 - Getting started with Big Data
IBM Solutions Connect 2013 - Getting started with Big Data
IBM Software India
 

What's hot (20)

Task 2
Task 2Task 2
Task 2
 
task 1
task 1task 1
task 1
 
Real Time Risk Management
Real Time Risk ManagementReal Time Risk Management
Real Time Risk Management
 
Making Executives Accountable for IT Security
Making Executives Accountable for IT SecurityMaking Executives Accountable for IT Security
Making Executives Accountable for IT Security
 
Task 3
Task 3Task 3
Task 3
 
Responding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for MerchantsResponding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for Merchants
 
Data Loss Prevention (DLP) - Fundamental Concept - Eryk
Data Loss Prevention (DLP) - Fundamental Concept - ErykData Loss Prevention (DLP) - Fundamental Concept - Eryk
Data Loss Prevention (DLP) - Fundamental Concept - Eryk
 
Common Practice in Data Privacy Program Management
Common Practice in Data Privacy Program ManagementCommon Practice in Data Privacy Program Management
Common Practice in Data Privacy Program Management
 
Verizon 2014 pci compliance report
Verizon 2014 pci compliance reportVerizon 2014 pci compliance report
Verizon 2014 pci compliance report
 
Verizon 2014 PCI Compliance Report
Verizon 2014 PCI Compliance ReportVerizon 2014 PCI Compliance Report
Verizon 2014 PCI Compliance Report
 
Internal Audit
Internal AuditInternal Audit
Internal Audit
 
Big Data: Beyond the Hype - Why Big Data Matters to You
Big Data: Beyond the Hype - Why Big Data Matters to YouBig Data: Beyond the Hype - Why Big Data Matters to You
Big Data: Beyond the Hype - Why Big Data Matters to You
 
eGRC for Information Export Control
eGRC for Information Export ControleGRC for Information Export Control
eGRC for Information Export Control
 
Big Data Requires Big Protection
Big Data Requires Big ProtectionBig Data Requires Big Protection
Big Data Requires Big Protection
 
Database auditing essentials
Database auditing essentialsDatabase auditing essentials
Database auditing essentials
 
Compliance: The Digital Imperative in Financial Services
Compliance: The Digital Imperative in Financial ServicesCompliance: The Digital Imperative in Financial Services
Compliance: The Digital Imperative in Financial Services
 
Data privacy and security in uae
Data privacy and security in uaeData privacy and security in uae
Data privacy and security in uae
 
Business Intelligence and Data Security for Long-Term Care Financial Professi...
Business Intelligence and Data Security for Long-Term Care Financial Professi...Business Intelligence and Data Security for Long-Term Care Financial Professi...
Business Intelligence and Data Security for Long-Term Care Financial Professi...
 
COBIT 2019 - DIGITAL TRUST FRAMEWORK
COBIT 2019 - DIGITAL TRUST FRAMEWORKCOBIT 2019 - DIGITAL TRUST FRAMEWORK
COBIT 2019 - DIGITAL TRUST FRAMEWORK
 
IBM Solutions Connect 2013 - Getting started with Big Data
IBM Solutions Connect 2013 - Getting started with Big DataIBM Solutions Connect 2013 - Getting started with Big Data
IBM Solutions Connect 2013 - Getting started with Big Data
 

Viewers also liked

Life of the software - SDLC
Life of the software - SDLCLife of the software - SDLC
Life of the software - SDLC
Bharath Rao
 
Internal Controls over Indian Financial Reporting
Internal Controls over Indian Financial ReportingInternal Controls over Indian Financial Reporting
Internal Controls over Indian Financial Reporting
Bharath Rao
 
IS Audit and Internal Controls
IS Audit and Internal ControlsIS Audit and Internal Controls
IS Audit and Internal Controls
Bharath Rao
 
Business Continuity Planning
Business Continuity PlanningBusiness Continuity Planning
Business Continuity Planning
Bharath Rao
 
ISO 50001 & SEP Practitioners Guide
ISO 50001 & SEP Practitioners Guide ISO 50001 & SEP Practitioners Guide
ISO 50001 & SEP Practitioners Guide
Veritatis Advisors, Inc.
 
Example EMS Manual - ISO 14001
Example EMS Manual - ISO 14001Example EMS Manual - ISO 14001
Example EMS Manual - ISO 14001
James Charles
 
Guide to iso50001
Guide to iso50001Guide to iso50001
Guide to iso50001
Dalila Ammar
 

Viewers also liked (7)

Life of the software - SDLC
Life of the software - SDLCLife of the software - SDLC
Life of the software - SDLC
 
Internal Controls over Indian Financial Reporting
Internal Controls over Indian Financial ReportingInternal Controls over Indian Financial Reporting
Internal Controls over Indian Financial Reporting
 
IS Audit and Internal Controls
IS Audit and Internal ControlsIS Audit and Internal Controls
IS Audit and Internal Controls
 
Business Continuity Planning
Business Continuity PlanningBusiness Continuity Planning
Business Continuity Planning
 
ISO 50001 & SEP Practitioners Guide
ISO 50001 & SEP Practitioners Guide ISO 50001 & SEP Practitioners Guide
ISO 50001 & SEP Practitioners Guide
 
Example EMS Manual - ISO 14001
Example EMS Manual - ISO 14001Example EMS Manual - ISO 14001
Example EMS Manual - ISO 14001
 
Guide to iso50001
Guide to iso50001Guide to iso50001
Guide to iso50001
 

Similar to Cloud Computing - Emerging Opportunities in the CA Profession

Auditing in the Cloud
Auditing in the CloudAuditing in the Cloud
Auditing in the Cloud
tcarrucan
 
New Era in Insurance - Cloud Computing
New Era in Insurance - Cloud ComputingNew Era in Insurance - Cloud Computing
New Era in Insurance - Cloud Computing
NIIT Technologies
 
Host your Cloud – Netmagic Solutions
Host your Cloud – Netmagic SolutionsHost your Cloud – Netmagic Solutions
Host your Cloud – Netmagic Solutions
Netmagic Solutions Pvt. Ltd.
 
IT Security at the Speed of Business: Security Provisioning with Symantec Dat...
IT Security at the Speed of Business: Security Provisioning with Symantec Dat...IT Security at the Speed of Business: Security Provisioning with Symantec Dat...
IT Security at the Speed of Business: Security Provisioning with Symantec Dat...
Symantec
 
Peter Coffee at Southland Technology Conference
Peter Coffee at Southland Technology ConferencePeter Coffee at Southland Technology Conference
Peter Coffee at Southland Technology Conference
Peter Coffee
 
4 Reasons Accounting Firms Should Migrate To The Cloud
4 Reasons Accounting Firms Should Migrate To The Cloud4 Reasons Accounting Firms Should Migrate To The Cloud
4 Reasons Accounting Firms Should Migrate To The Cloud
Avni Rajput
 
Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0
David Spinks
 
Cloud ROI and Implementation - A TechBlocks Solutions Guide
Cloud ROI and Implementation - A TechBlocks Solutions GuideCloud ROI and Implementation - A TechBlocks Solutions Guide
Cloud ROI and Implementation - A TechBlocks Solutions Guide
TechBlocks
 
O'Reilly ebook: Financial Governance for Data Processing in the Cloud | Qubole
O'Reilly ebook: Financial Governance for Data Processing in the Cloud | QuboleO'Reilly ebook: Financial Governance for Data Processing in the Cloud | Qubole
O'Reilly ebook: Financial Governance for Data Processing in the Cloud | Qubole
Vasu S
 
How to Monitor Digital Dependencies Across Your Modern IT Stack
How to Monitor Digital Dependencies Across Your Modern IT StackHow to Monitor Digital Dependencies Across Your Modern IT Stack
How to Monitor Digital Dependencies Across Your Modern IT Stack
ThousandEyes
 
How to Monitor Digital Dependencies Across Your Modern IT Stack
How to Monitor Digital Dependencies Across Your Modern IT StackHow to Monitor Digital Dependencies Across Your Modern IT Stack
How to Monitor Digital Dependencies Across Your Modern IT Stack
ThousandEyes
 
Five Priorities for Quality Engineering When Taking Banking to the Cloud
Five Priorities for Quality Engineering When Taking Banking to the CloudFive Priorities for Quality Engineering When Taking Banking to the Cloud
Five Priorities for Quality Engineering When Taking Banking to the Cloud
Cognizant
 
Cloud computing Risk management
Cloud computing Risk management  Cloud computing Risk management
Cloud computing Risk management
Padma Jella
 
Iaetsd design and implementation of secure cloud systems using
Iaetsd design and implementation of secure cloud systems usingIaetsd design and implementation of secure cloud systems using
Iaetsd design and implementation of secure cloud systems using
Iaetsd Iaetsd
 
Cloud Reshaping Banking
Cloud Reshaping BankingCloud Reshaping Banking
Cloud Reshaping Banking
Happiest Minds Technologies
 
How a Business-First, Agile Cloud Migration Factory Approach Powers Digital S...
How a Business-First, Agile Cloud Migration Factory Approach Powers Digital S...How a Business-First, Agile Cloud Migration Factory Approach Powers Digital S...
How a Business-First, Agile Cloud Migration Factory Approach Powers Digital S...
Cognizant
 
The Challenges Of Multi-cloud Management.pdf
The Challenges Of Multi-cloud Management.pdfThe Challenges Of Multi-cloud Management.pdf
The Challenges Of Multi-cloud Management.pdf
aNumak & Company
 
Risk management for cloud computing hb final
Risk management for cloud computing hb finalRisk management for cloud computing hb final
Risk management for cloud computing hb final
Christophe Monnier
 
The cloud primer
The cloud primerThe cloud primer
The cloud primer
Joe Orlando
 
Peter Coffee on Cloud Transformation
Peter Coffee on Cloud TransformationPeter Coffee on Cloud Transformation
Peter Coffee on Cloud Transformation
Peter Coffee
 

Similar to Cloud Computing - Emerging Opportunities in the CA Profession (20)

Auditing in the Cloud
Auditing in the CloudAuditing in the Cloud
Auditing in the Cloud
 
New Era in Insurance - Cloud Computing
New Era in Insurance - Cloud ComputingNew Era in Insurance - Cloud Computing
New Era in Insurance - Cloud Computing
 
Host your Cloud – Netmagic Solutions
Host your Cloud – Netmagic SolutionsHost your Cloud – Netmagic Solutions
Host your Cloud – Netmagic Solutions
 
IT Security at the Speed of Business: Security Provisioning with Symantec Dat...
IT Security at the Speed of Business: Security Provisioning with Symantec Dat...IT Security at the Speed of Business: Security Provisioning with Symantec Dat...
IT Security at the Speed of Business: Security Provisioning with Symantec Dat...
 
Peter Coffee at Southland Technology Conference
Peter Coffee at Southland Technology ConferencePeter Coffee at Southland Technology Conference
Peter Coffee at Southland Technology Conference
 
4 Reasons Accounting Firms Should Migrate To The Cloud
4 Reasons Accounting Firms Should Migrate To The Cloud4 Reasons Accounting Firms Should Migrate To The Cloud
4 Reasons Accounting Firms Should Migrate To The Cloud
 
Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0
 
Cloud ROI and Implementation - A TechBlocks Solutions Guide
Cloud ROI and Implementation - A TechBlocks Solutions GuideCloud ROI and Implementation - A TechBlocks Solutions Guide
Cloud ROI and Implementation - A TechBlocks Solutions Guide
 
O'Reilly ebook: Financial Governance for Data Processing in the Cloud | Qubole
O'Reilly ebook: Financial Governance for Data Processing in the Cloud | QuboleO'Reilly ebook: Financial Governance for Data Processing in the Cloud | Qubole
O'Reilly ebook: Financial Governance for Data Processing in the Cloud | Qubole
 
How to Monitor Digital Dependencies Across Your Modern IT Stack
How to Monitor Digital Dependencies Across Your Modern IT StackHow to Monitor Digital Dependencies Across Your Modern IT Stack
How to Monitor Digital Dependencies Across Your Modern IT Stack
 
How to Monitor Digital Dependencies Across Your Modern IT Stack
How to Monitor Digital Dependencies Across Your Modern IT StackHow to Monitor Digital Dependencies Across Your Modern IT Stack
How to Monitor Digital Dependencies Across Your Modern IT Stack
 
Five Priorities for Quality Engineering When Taking Banking to the Cloud
Five Priorities for Quality Engineering When Taking Banking to the CloudFive Priorities for Quality Engineering When Taking Banking to the Cloud
Five Priorities for Quality Engineering When Taking Banking to the Cloud
 
Cloud computing Risk management
Cloud computing Risk management  Cloud computing Risk management
Cloud computing Risk management
 
Iaetsd design and implementation of secure cloud systems using
Iaetsd design and implementation of secure cloud systems usingIaetsd design and implementation of secure cloud systems using
Iaetsd design and implementation of secure cloud systems using
 
Cloud Reshaping Banking
Cloud Reshaping BankingCloud Reshaping Banking
Cloud Reshaping Banking
 
How a Business-First, Agile Cloud Migration Factory Approach Powers Digital S...
How a Business-First, Agile Cloud Migration Factory Approach Powers Digital S...How a Business-First, Agile Cloud Migration Factory Approach Powers Digital S...
How a Business-First, Agile Cloud Migration Factory Approach Powers Digital S...
 
The Challenges Of Multi-cloud Management.pdf
The Challenges Of Multi-cloud Management.pdfThe Challenges Of Multi-cloud Management.pdf
The Challenges Of Multi-cloud Management.pdf
 
Risk management for cloud computing hb final
Risk management for cloud computing hb finalRisk management for cloud computing hb final
Risk management for cloud computing hb final
 
The cloud primer
The cloud primerThe cloud primer
The cloud primer
 
Peter Coffee on Cloud Transformation
Peter Coffee on Cloud TransformationPeter Coffee on Cloud Transformation
Peter Coffee on Cloud Transformation
 

More from Bharath Rao

Let the games begin - Insights into the Gaming Industry
Let the games begin - Insights into the Gaming IndustryLet the games begin - Insights into the Gaming Industry
Let the games begin - Insights into the Gaming Industry
Bharath Rao
 
Internal Controls for Indian Financial Reporting using COBIT 5 based Guidance
Internal Controls for Indian Financial Reporting using COBIT 5 based GuidanceInternal Controls for Indian Financial Reporting using COBIT 5 based Guidance
Internal Controls for Indian Financial Reporting using COBIT 5 based Guidance
Bharath Rao
 
Going global while being local
Going global while being localGoing global while being local
Going global while being local
Bharath Rao
 
The Next Gen Auditor - Auditing through technological disruptions
The Next Gen Auditor - Auditing through technological disruptionsThe Next Gen Auditor - Auditing through technological disruptions
The Next Gen Auditor - Auditing through technological disruptions
Bharath Rao
 
Big data, Machine learning and the Auditor
Big data, Machine learning and the AuditorBig data, Machine learning and the Auditor
Big data, Machine learning and the Auditor
Bharath Rao
 
Base Erosion and Profit Shifting
Base Erosion and Profit ShiftingBase Erosion and Profit Shifting
Base Erosion and Profit Shifting
Bharath Rao
 
Chartered Accountant going Global
Chartered Accountant going GlobalChartered Accountant going Global
Chartered Accountant going Global
Bharath Rao
 
Forex markets
Forex marketsForex markets
Forex markets
Bharath Rao
 
Internal Controls over Financial Reporting in the Indian Context
Internal Controls over Financial Reporting in the Indian Context Internal Controls over Financial Reporting in the Indian Context
Internal Controls over Financial Reporting in the Indian Context
Bharath Rao
 
Big Data Analytics and a Chartered Accountant
Big Data Analytics and a Chartered AccountantBig Data Analytics and a Chartered Accountant
Big Data Analytics and a Chartered Accountant
Bharath Rao
 
Physical and logical access controls - A pre-requsite for Internal Controls
Physical and logical access controls - A pre-requsite for Internal ControlsPhysical and logical access controls - A pre-requsite for Internal Controls
Physical and logical access controls - A pre-requsite for Internal Controls
Bharath Rao
 
Standards of Auditing - Introduction and Application in the Indian Context
Standards of Auditing - Introduction and Application in the Indian ContextStandards of Auditing - Introduction and Application in the Indian Context
Standards of Auditing - Introduction and Application in the Indian Context
Bharath Rao
 
The CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityThe CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information Security
Bharath Rao
 

More from Bharath Rao (13)

Let the games begin - Insights into the Gaming Industry
Let the games begin - Insights into the Gaming IndustryLet the games begin - Insights into the Gaming Industry
Let the games begin - Insights into the Gaming Industry
 
Internal Controls for Indian Financial Reporting using COBIT 5 based Guidance
Internal Controls for Indian Financial Reporting using COBIT 5 based GuidanceInternal Controls for Indian Financial Reporting using COBIT 5 based Guidance
Internal Controls for Indian Financial Reporting using COBIT 5 based Guidance
 
Going global while being local
Going global while being localGoing global while being local
Going global while being local
 
The Next Gen Auditor - Auditing through technological disruptions
The Next Gen Auditor - Auditing through technological disruptionsThe Next Gen Auditor - Auditing through technological disruptions
The Next Gen Auditor - Auditing through technological disruptions
 
Big data, Machine learning and the Auditor
Big data, Machine learning and the AuditorBig data, Machine learning and the Auditor
Big data, Machine learning and the Auditor
 
Base Erosion and Profit Shifting
Base Erosion and Profit ShiftingBase Erosion and Profit Shifting
Base Erosion and Profit Shifting
 
Chartered Accountant going Global
Chartered Accountant going GlobalChartered Accountant going Global
Chartered Accountant going Global
 
Forex markets
Forex marketsForex markets
Forex markets
 
Internal Controls over Financial Reporting in the Indian Context
Internal Controls over Financial Reporting in the Indian Context Internal Controls over Financial Reporting in the Indian Context
Internal Controls over Financial Reporting in the Indian Context
 
Big Data Analytics and a Chartered Accountant
Big Data Analytics and a Chartered AccountantBig Data Analytics and a Chartered Accountant
Big Data Analytics and a Chartered Accountant
 
Physical and logical access controls - A pre-requsite for Internal Controls
Physical and logical access controls - A pre-requsite for Internal ControlsPhysical and logical access controls - A pre-requsite for Internal Controls
Physical and logical access controls - A pre-requsite for Internal Controls
 
Standards of Auditing - Introduction and Application in the Indian Context
Standards of Auditing - Introduction and Application in the Indian ContextStandards of Auditing - Introduction and Application in the Indian Context
Standards of Auditing - Introduction and Application in the Indian Context
 
The CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityThe CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information Security
 

Recently uploaded

Dpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta Matka
Dpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta MatkaDpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta Matka
Dpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta Matka
➒➌➎➏➑➐➋➑➐➐Dpboss Matka Guessing Satta Matka Kalyan Chart Indian Matka
 
Digital Transformation Frameworks: Driving Digital Excellence
Digital Transformation Frameworks: Driving Digital ExcellenceDigital Transformation Frameworks: Driving Digital Excellence
Digital Transformation Frameworks: Driving Digital Excellence
Operational Excellence Consulting
 
How MJ Global Leads the Packaging Industry.pdf
How MJ Global Leads the Packaging Industry.pdfHow MJ Global Leads the Packaging Industry.pdf
How MJ Global Leads the Packaging Industry.pdf
MJ Global
 
一比一原版新西兰奥塔哥大学毕业证(otago毕业证)如何办理
一比一原版新西兰奥塔哥大学毕业证(otago毕业证)如何办理一比一原版新西兰奥塔哥大学毕业证(otago毕业证)如何办理
一比一原版新西兰奥塔哥大学毕业证(otago毕业证)如何办理
taqyea
 
TIMES BPO: Business Plan For Startup Industry
TIMES BPO: Business Plan For Startup IndustryTIMES BPO: Business Plan For Startup Industry
TIMES BPO: Business Plan For Startup Industry
timesbpobusiness
 
Best practices for project execution and delivery
Best practices for project execution and deliveryBest practices for project execution and delivery
Best practices for project execution and delivery
CLIVE MINCHIN
 
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challengesEvent Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
Holger Mueller
 
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
my Pandit
 
How to Implement a Strategy: Transform Your Strategy with BSC Designer's Comp...
How to Implement a Strategy: Transform Your Strategy with BSC Designer's Comp...How to Implement a Strategy: Transform Your Strategy with BSC Designer's Comp...
How to Implement a Strategy: Transform Your Strategy with BSC Designer's Comp...
Aleksey Savkin
 
Building Your Employer Brand with Social Media
Building Your Employer Brand with Social MediaBuilding Your Employer Brand with Social Media
Building Your Employer Brand with Social Media
LuanWise
 
Brian Fitzsimmons on the Business Strategy and Content Flywheel of Barstool S...
Brian Fitzsimmons on the Business Strategy and Content Flywheel of Barstool S...Brian Fitzsimmons on the Business Strategy and Content Flywheel of Barstool S...
Brian Fitzsimmons on the Business Strategy and Content Flywheel of Barstool S...
Neil Horowitz
 
Chapter 7 Final business management sciences .ppt
Chapter 7 Final business management sciences .pptChapter 7 Final business management sciences .ppt
Chapter 7 Final business management sciences .ppt
ssuser567e2d
 
How are Lilac French Bulldogs Beauty Charming the World and Capturing Hearts....
How are Lilac French Bulldogs Beauty Charming the World and Capturing Hearts....How are Lilac French Bulldogs Beauty Charming the World and Capturing Hearts....
How are Lilac French Bulldogs Beauty Charming the World and Capturing Hearts....
Lacey Max
 
Creative Web Design Company in Singapore
Creative Web Design Company in SingaporeCreative Web Design Company in Singapore
Creative Web Design Company in Singapore
techboxsqauremedia
 
Call8328958814 satta matka Kalyan result satta guessing
Call8328958814 satta matka Kalyan result satta guessingCall8328958814 satta matka Kalyan result satta guessing
Call8328958814 satta matka Kalyan result satta guessing
➑➌➋➑➒➎➑➑➊➍
 
Best Forex Brokers Comparison in INDIA 2024
Best Forex Brokers Comparison in INDIA 2024Best Forex Brokers Comparison in INDIA 2024
Best Forex Brokers Comparison in INDIA 2024
Top Forex Brokers Review
 
Understanding User Needs and Satisfying Them
Understanding User Needs and Satisfying ThemUnderstanding User Needs and Satisfying Them
Understanding User Needs and Satisfying Them
Aggregage
 
Satta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel Chart
Satta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel ChartSatta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel Chart
Satta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel Chart
➒➌➎➏➑➐➋➑➐➐Dpboss Matka Guessing Satta Matka Kalyan Chart Indian Matka
 
Taurus Zodiac Sign: Unveiling the Traits, Dates, and Horoscope Insights of th...
Taurus Zodiac Sign: Unveiling the Traits, Dates, and Horoscope Insights of th...Taurus Zodiac Sign: Unveiling the Traits, Dates, and Horoscope Insights of th...
Taurus Zodiac Sign: Unveiling the Traits, Dates, and Horoscope Insights of th...
my Pandit
 
How to Implement a Real Estate CRM Software
How to Implement a Real Estate CRM SoftwareHow to Implement a Real Estate CRM Software
How to Implement a Real Estate CRM Software
SalesTown
 

Recently uploaded (20)

Dpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta Matka
Dpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta MatkaDpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta Matka
Dpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta Matka
 
Digital Transformation Frameworks: Driving Digital Excellence
Digital Transformation Frameworks: Driving Digital ExcellenceDigital Transformation Frameworks: Driving Digital Excellence
Digital Transformation Frameworks: Driving Digital Excellence
 
How MJ Global Leads the Packaging Industry.pdf
How MJ Global Leads the Packaging Industry.pdfHow MJ Global Leads the Packaging Industry.pdf
How MJ Global Leads the Packaging Industry.pdf
 
一比一原版新西兰奥塔哥大学毕业证(otago毕业证)如何办理
一比一原版新西兰奥塔哥大学毕业证(otago毕业证)如何办理一比一原版新西兰奥塔哥大学毕业证(otago毕业证)如何办理
一比一原版新西兰奥塔哥大学毕业证(otago毕业证)如何办理
 
TIMES BPO: Business Plan For Startup Industry
TIMES BPO: Business Plan For Startup IndustryTIMES BPO: Business Plan For Startup Industry
TIMES BPO: Business Plan For Startup Industry
 
Best practices for project execution and delivery
Best practices for project execution and deliveryBest practices for project execution and delivery
Best practices for project execution and delivery
 
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challengesEvent Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
 
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
 
How to Implement a Strategy: Transform Your Strategy with BSC Designer's Comp...
How to Implement a Strategy: Transform Your Strategy with BSC Designer's Comp...How to Implement a Strategy: Transform Your Strategy with BSC Designer's Comp...
How to Implement a Strategy: Transform Your Strategy with BSC Designer's Comp...
 
Building Your Employer Brand with Social Media
Building Your Employer Brand with Social MediaBuilding Your Employer Brand with Social Media
Building Your Employer Brand with Social Media
 
Brian Fitzsimmons on the Business Strategy and Content Flywheel of Barstool S...
Brian Fitzsimmons on the Business Strategy and Content Flywheel of Barstool S...Brian Fitzsimmons on the Business Strategy and Content Flywheel of Barstool S...
Brian Fitzsimmons on the Business Strategy and Content Flywheel of Barstool S...
 
Chapter 7 Final business management sciences .ppt
Chapter 7 Final business management sciences .pptChapter 7 Final business management sciences .ppt
Chapter 7 Final business management sciences .ppt
 
How are Lilac French Bulldogs Beauty Charming the World and Capturing Hearts....
How are Lilac French Bulldogs Beauty Charming the World and Capturing Hearts....How are Lilac French Bulldogs Beauty Charming the World and Capturing Hearts....
How are Lilac French Bulldogs Beauty Charming the World and Capturing Hearts....
 
Creative Web Design Company in Singapore
Creative Web Design Company in SingaporeCreative Web Design Company in Singapore
Creative Web Design Company in Singapore
 
Call8328958814 satta matka Kalyan result satta guessing
Call8328958814 satta matka Kalyan result satta guessingCall8328958814 satta matka Kalyan result satta guessing
Call8328958814 satta matka Kalyan result satta guessing
 
Best Forex Brokers Comparison in INDIA 2024
Best Forex Brokers Comparison in INDIA 2024Best Forex Brokers Comparison in INDIA 2024
Best Forex Brokers Comparison in INDIA 2024
 
Understanding User Needs and Satisfying Them
Understanding User Needs and Satisfying ThemUnderstanding User Needs and Satisfying Them
Understanding User Needs and Satisfying Them
 
Satta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel Chart
Satta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel ChartSatta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel Chart
Satta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel Chart
 
Taurus Zodiac Sign: Unveiling the Traits, Dates, and Horoscope Insights of th...
Taurus Zodiac Sign: Unveiling the Traits, Dates, and Horoscope Insights of th...Taurus Zodiac Sign: Unveiling the Traits, Dates, and Horoscope Insights of th...
Taurus Zodiac Sign: Unveiling the Traits, Dates, and Horoscope Insights of th...
 
How to Implement a Real Estate CRM Software
How to Implement a Real Estate CRM SoftwareHow to Implement a Real Estate CRM Software
How to Implement a Real Estate CRM Software
 

Cloud Computing - Emerging Opportunities in the CA Profession

  • 1. Cloud Computing – Emerging Opportunities for the profession Anand Prakash Jangid and Bharath Rao Venturing into a whole new level of consultancy and assurance History and Introduction We are nowpart of a systemthat is revolvingaroundAutomation,FlexibilityandConvenience.Work at a slowpace is not tolerated.We require the work to be completedatthe fastesttime andat zero errors. Ever since the advent of computers, man has been able to increase his working speed at an exponential rate. Right from the abacus to the smart phone, newer ways and methods are being developedwiththe objective of providingAutomation,FlexibilityandConvenience.The inventionof the internet has played a massive role for connecting the world and making it as a global village. Business have been set up by responsible entrepreneurs and have leveraged these benefits of the computer and the internet. Computers is now part of everybody’s life whether he likes it or not. Computersplayanimportantrole inone’slife asit helpsinthe fieldsof Education,Medicine,Health, Business, Profession, Industry etc. Thus it is inevitable to progress without the help of the digital magic-box.The presenceof internethasgrownsolarge thateverythingnow residesonanetwork.All the data is present on the internet and is available at a tap of a screen. Yes the phrase “click of a mouse” is now history. Business on the Cloud Businesseshave capitalisedonthecloudtoperformtheirbusinessoperationstomeettheirobjectives. The cloudisa conceptevolvedfromthe internetwhich,insimple parlance,refersto,adigital system present on the internet providing a platform to create, store, process and circulate data (SaaS – Software-as-a-Service). This digital system also provides a platform to develop one’s own custom applications (PaaS–Platform-as-a-Service) andprovidesresourcestohost those(IaaS–Infrastructure- as-a-Service).Thisdigitalsystemisaccessiblefromanydeviceandfromanylocationof the world. The keybenefitof the cloudisthat,all of the abovementionedfunctionsisperformedonsystemsthatare owned by someone else. This has resultedina way of runningan enterprise usingthe cloud. Critical financial transactionsrun from the cloud. The cloud stores data which are sensitive. Cardholder’s data, Intellectual Property, Business Secrets, Bank Information,Supply Chain Information,Customer and Vendor Data are some examples. Some business functions like swift payments, NEFT and RTGS, Credit Card Payments, Enterprise Resource Planning, Governance, Risk Management and Compliance are performed using the cloud. This is possible as investment on capital expenditure is not requiredas one would rely on cloud service providers and would incur costs on a subscription based release of payments. It iscrucial that controlshave tobe inplace at critical aspectsof the cloudin orderto ensure thatthe confidentiality, integrity and availability of the data is not compromised.
  • 2. Chartered Accountant and the Cloud A CharteredAccountanthasaunique blendof qualities.A CA canbe referredas a Techno-Functional- Legal qualityequipped person.Suchqualitiesare developedtogetheronlyinthisprofession.A CA can provide enormous value addition in order to develop controls and audit them. Leveraging on providing consultancy for Cloud Compliance is a path a CA can opt for in providing significantvalueadditiontohisclient.Operatingonthe cloudhasledto the followingrisksasperthe report provided by Cloud Security Alliance in 2014. Cloud Threats At an unprecedentedpace,cloudcomputinghassimultaneouslytransformedbusinessand government,andcreatednewsecuritychallenges.The developmentof the cloudservice model deliversbusiness-supportingtechnologymore efficientlythaneverbefore.The shiftfromserverto service-basedthinkingistransformingthe waytechnologydepartmentsthinkabout,design,and delivercomputingtechnologyand applications.Yetthese advanceshave creatednew security vulnerabilities,includingsecurityissueswhose full impactisstill emerging. The followingare identifiedascritical threatstocloudsecurity(rankedinorderof severity): 1. Data Breaches 2. Data Loss 3. Account Hijacking 4. Insecure APIs 5. Denial of Service 6. MaliciousInsiders 7. Abuse of CloudServices 8. InsufficientDue Diligence 9. SharedTechnologyIssues Design of a Control Framework Preparation for the implementation has to be giventhe great importance. Due care has to be taken for a strong implementationof the Businessonthe Cloud.Dependingonthe strengththat ispresent in the foundation, further expansion of the platform can be performed smoothly. Chartered Accountant Design of Control Framework Audit of Control Framework Support for better Compliance
  • 3. Inthe designof the CloudControl Framework,aCA can addmaximumvalue additionasdesigningthe businessmodel isthe verysolutionforthe CloudPlatform.Thismodel hasthe followingcomponents – - Understanding the Business Entity. - Understanding the Business Operations Standard operating procedure. - Performing a Business Process re-engineering. - Design of Automated Internal Control checks in the system. - Design of Preventive and Detective Internal Controls on the Business Applications and the Cloud Support. All of the above constitute the model/framework onwhichthe businesswouldnow operate on.The controls would be then tested withdata. The data may or may not be live data. However,a CA can facilitate the test. Upon successful completionof the tests,the frameworkwouldhave tobe implementedinthe Cloud. In simple words, Cloud would be configured to operate business, cater customers and maintain relationship with the customer and vendors. A CA can leverage Frameworks like the COBIT 5 Framework and COSO Internal Control Framework. Publicationslike the COBIT5 Riskand COBIT 5 Implementation byISACA andCloudControl Matrix by CloudSecurityAlliance wouldhelpthe CA to decide onthe control objectivesandcontrolsthatwould needto be present in the cloud environment and thus will design an effective control framework. Audit of a Cloud Control Framework A CA’s primary role of value addition is Auditing. A CA by virtue of his signature can provide the following Assurance Services to the client with the following scope of activities – - Privacy Laws are complied with - Sufficient preventive and detective controls are in place and are continuously monitored against the identified risks - Ensuring that there is no data leakage from the platform - Reviewing the storage controls that is implemented keeping - Reviewingthatsufficientandadequate securitymeasureshave beendeployedtoprotectthe personally identifiable information of others - Ensuring that the controls enforced by the Cloud Business Applications are operating effectively - Ensuring that the control design is adequate to the nature and size of the business The COBIT 5 Framework providesan approach that can be adopted by an assurance professional to provide assurance inanIT Environment.The CloudControl Matrix byCSA isa Riskand Control Matrix developed in order to have an industrial security benchmark on the Cloud. A CA can leverage these documents to provide assurance as mentioned above. Regulations There are many regulationstobe compliedatdifferentgeographicallocations.PrivacyLawsandData Governance Lawsare the primarytwolawsthat needto be compliedatan international level.Bench markedlawslike thatSarbanes-OxleyAct,CompaniesAct 1956, PCI-DSScompliance canbe complied by providing adequate consultancy and recommendations to the client on a regular basis. A CA can
  • 4. help the client to comply the ISO 27000 family, ISO 22301, SSAE 16, Companies Act 2013, HIPAA, Sarbanes-Oxley Act etc. Conclusion Usage of the Cloudisgainingscope at a tremendousrate ona dailybasis.People relyonthe cloudas a primary resource to host and control their business. Cloud Computing has certainly paved a new path to Chartered Accountants to provide a fresh line of Consultancy and Assurance Services.