Cloud Computing and Internal Controls

Good Essays
“Does ‘cloud computing’ present additional internal control issues beyond those encountered in traditional computing?” Unaware of what is meant by “cloud computing,” this writer, after some research on the subject matter, believes that the answer to this question is YES, “cloud computing” does present additional internal control issues beyond the internal controls encountered in traditional computing. This question is answered from the viewpoint of a client company that has transferred its data to a cloud. It seems that there will always be a need for internal controls; however, where those controls are located is dependent upon the type of network infrastructure a company uses. When compared to traditional computing, cloud computing seems to have the opposite effect on internal controls of the client company: there is actually a decrease or elimination of internal controls for the company.

Internal controls are processes designed by companies to ensure the security, accuracy, and completeness of its financial and accounting data. These processes are put in place by the company to ensure adherence to its policies and plans while also protecting its valuable data from unauthorized access. A majority of companies, whether or not they know it, have some form internal control system in place. One area in particular that will most likely entail having internal controls is a company’s information network as the security of the network is the primary objective. Without these controls in place, a company allows itself to become vulnerable to network intrusion and possible data manipulation.

Traditionally, a company will have dedicated servers and other hardware located somewhere within their organization that comprise the infr...

... middle of paper ...


At the World Congress on Engineering 2011 conference in London, U.K., it was noted that the issue of security matters for cloud computing requires revising (Pinto et al., 2011). As mentioned earlier, when going to a cloud network any internal control system is essentially transferred to the service provider. As such, Pinto et al. (2011) explains about the “existence of a new entity called a cloud security manager” whose responsibility it is to keep documentation of client access to the cloud as well as third party processing. To put it differently, the duties of the cloud security manager will be to manage the overall cloud system by instituting an internal control matrix.

To ensure the security of a client’s data, the cloud security manager must follow the control matrix in order to monitor the activities that are transpiring around the cloud network.
Get Access