Internal control over financial reporting and the cloud
Üst veriTüm öğe kaydını göster
KünyeElifoğlu H., Güzey Y. Y., & Taşseven, Ö. (2014), Internal control over financial reporting and the cloud. In FSI – Global Business Research Symposium – Cracow/Katowice, Poland – May 28-30, 2014 (1-9. ss.). Krakow: Poland.
By 2020, 40 percent of digital information is expected to be created in the Cloud, delivered to the Cloud, or stored and manipulated in the Cloud1. It is clear that the Cloud is here to stay. As a large scale version of outsourcing Cloud Computing will create new challenges and complications for management and auditors. After the replacement of SAS 70 with SSAE 16, (similar to the ISAE 3402), most Cloud Service Providers will provide assurances to the Cloud Service Users within the framework of attestation standards instead of auditing standards. Outsourcing presents some challenges in itself and cloud computing further complicates those challenges. The new framework allows three different deployment models in the form of SOC1, SOC2 and SOC3. It is crucial that cloud service providers and cloud service users and their auditors should carefully consider alternative Service Organization Controls (SOC) deployment models. Unfortunately, many cloud providers are opting out for SOC 12 leaving little room for the development of SOC 2 reports. The right SOC deployment model for the Cloud is SOC 2 or SOC 3.