Armanino Blog

Auditors Evaluate Cloud Computing Risks

by Matthew Perreault
May 14, 2018

Cloud computing is reshaping the storage of critical business information, including sensitive personal data of customers and employees. Similar to paper files, the cloud may bring considerable security risks — but risks associated with the cloud might not be readily understood by some business owners and executives.

External auditors have added the evaluation of cloud computing risks to their overview risk assessment. During audit procedures, they’re likely to ask questions about your company’s policies and procedures for storing and accessing data on the cloud. Examples include:

  • What have you done to protect electronically stored data against hackers?
  • Has your staff been trained about cloud computing security, including the dangers of opening phishing emails, sharing passwords and accessing company data in public places, such as coffee shops and airports?
  • Do you have insurance to protect against and respond to cyberattacks or other cloud outages? (This coverage is usually supplemental to your business liability policy.)
  • How often does your cloud computing provider back up the information it’s storing?
  • How will you and your cloud provider respond if data is stolen by a third party, a cloud company employee or one of your employees?
  • What’s your backup plan if the cloud goes down? Do you have a “backup cloud”?
  • How much would a cyberattack or outage cost your company on a per-minute basis?
  • What is your cloud computing vendor’s service-level commitment (typically stated as a percentage of the year)? And how does this commitment translate in terms of potential minutes of downtime for the year?
  • How did the vendor’s service-level commitment compare to your actual downtime for the previous year?
  • Do you have a service-level agreement that documents the availability of your data and the penalties if the data becomes unavailable?
  • Does your company have a policy for transferring (and disposing of) data if you decide to switch cloud computing providers?
It’s a smart business practice to think about these questions before your auditors ask them. If you don’t know one of the answers — or if your answers are lacking — make it a priority to reinforce data security as soon as possible. Securing the cloud should be a proactive process, not a reactive one. Failing to identify potential pitfalls that are inherent in a cloud computing relationship can result in unexpected costs that can far exceed the short-term cost savings of operating on the cloud.


May 14, 2018

Stay In Touch

Sign up to stay up-to-date with the latest accounting regulations, best practices, industry news and technology insights to run your business.

Related News & Insights
SaaS Market Trends
Between the uncertainty of 2022 and the highs of 2021, what will 2023 hold?

December 14, 2022 | 09:00 AM - 10:00 AM PT
Fraud: Current Trends & Hot Topics
Don’t let fraud negatively impact your organization.

December 8, 2022 | 11:00 AM - 12:00 PM PT
Year-End Tax Planning for High-Net-Worth Individuals
Our tax experts will dive deep into our annual year-end tax planning guide.

December 8, 2022 | 09:00 AM - 10:00 AM PT