Business in the Cloud: Research Questions on Governance, Audit, and Assurance-Reference-Cited by-同舟云学术

Business in the Cloud: Research Questions on Governance, Audit, and Assurance

Published:2016-06-01 Issue:3 Volume:30 Page:173-189
ISSN:1558-7959
Container-title:Journal of Information Systems
language:en
Short-container-title:

Author:

Schmidt Pamela J.¹,Wood Jason T.²,Grabski Severin V.³

Affiliation:

1. Washburn University

2. PricewaterhouseCoopers

3. Michigan State University

Abstract

ABSTRACTCloud computing services are finding rapid adoption as organizations seek cost reduction, technical expertise, flexibility, and adaptable mechanisms to attain advantages in fast-moving business environments. The related considerations of governance, audit, and assurance of cloud computing services might be inadvertently overlooked in a rush to adopt these cloud services. This paper focuses on cloud computing governance and audit issues by presenting research questions informed by both practice and research. A cloud computing ecosystem is presented and an IT Governance framework (Wilkin and Chenhall 2010) is referenced as a means to structure research questions. Key issues of risk, security, monitoring, control, and compliance should be considered early in the cloud services decision process. The tight coupling of intercompany operations between the cloud client and cloud provider(s) forms an interdependent, operationally coupled ecosystem. Planned governance is needed to achieve a well-governed, functional, and secure cloud computing environment. The audit role is complicated when the organization's financial data and/or critical applications are hosted externally with a cloud service provider that may use other cloud service providers.

Publisher

American Accounting Association

Subject

Management of Technology and Innovation,Information Systems and Management,Human-Computer Interaction,Accounting,Information Systems,Software,Management Information Systems

Link

http://meridian.allenpress.com/jis/article-pdf/30/3/173/1742702/isys-51494.pdf

Reference50 articles.

1. Taxonomy of technological IT outsourcing risks: Support for risk identification and quantification;Ackermann;Proceedings of the European Conference on Information Systems (ECIS),2011

2. Amazon.com. 2015. Introduction to Auditing the Use of AWS. Available at: http://d0.awsstatic.com/whitepapers/compliance/AWS_Auditing_Security_Checklist.pdf via website: http://aws.amazon.com/compliance/aws-whitepapers/ (last accessed March 16, 2016).

3. American Institute of Certified Public Accountants (AICPA). 2015. Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (SOC 2®)-AICPA Guide. Available at: http://www.cpa2biz.com/AST/Main/CPA2BIZ_Primary/AuditAttest/IndustryspecificGuidance/PRDOVR∼PC-0128210/PC-0128210.jsp

4. ASEC/AICPA. 2014. Trust Services Principles, and Criteria. Available at: http://www.cpa2biz.com/AST/Main/CPA2BIZ_Primary/AuditAttest/Standards/PRDOVR∼PC-TSPC13/PC-TSPC13.jsp

5. Cooperation, coordination, and governance in multisourcing: An agenda for analytical and empirical research;Bapna;Information Systems Research,2010

Cited by 16 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. The impact of IT governance and data governance on financial and non-financial performance;Future Business Journal;2024-01-22

3. Impact of external auditor–cloud specialist engagement on cloud auditing challenges;Journal of Accounting & Organizational Change;2021-02-08

4. An Overview on Mobile Cloud Computing;Research Anthology on Architectures, Frameworks, and Integration Strategies for Distributed and Cloud Computing;2021

5. Characteristics of a Blockchain Ecosystem for Secure and Sharable Electronic Medical Records;IEEE Transactions on Engineering Management;2020-11