Five questions boards of directors need to ask about cloud governance
New ISACA Guidance Calls for BoD Involvement
Auckland, New Zealand (2 May 2013)—The many benefits of cloud computing include helping enterprises become more efficient, agile, innovative and flexible,
but achieving those benefits depends on a number of factors, including the involvement of the board of directors. ISACA,
a nonprofit, independent association of more than 100,000 governance, risk, security and assurance professionals
worldwide, has issued new guidance
outlining key questions for boards of directors to ask to ensure their enterprise’s cloud initiative is in line with
business objectives and the organisation’s risk tolerance.
“Board members need a clear understanding of cloud computing benefits and how to maximise them through effective
governance practices,” said Marc Vael, CISA, CISM, CGEIT, CISSP, an ISACA board member and chief IT audit executive at
Smals.“This requires the board to see cloud computing not as an IT project, but rather as a business strategy.”
According to ISACA’s Cloud Governance: Questions Boards of Directors Need to Ask, boards should address the following five questions to determine the strategic value that cloud services are expected
to provide and the impact that the cloud may have on resources and controls:
1. Do management teams have a plan for cloud computing? Have they weighed the value and opportunity costs?
2. How do current cloud plans support the enterprise’s mission?
3. Have executive teams systematically evaluated organisational readiness? For example, are the right skills available? Do cloud processes conflict with other established processes? Do cloud
plans conflict with enterprise culture?
4. Have management teams considered what existing investments might be lost in their cloud planning? Does the adoption of a cloud service nullify already-made technology investments that have not reached their planned end
date, and is that noted and approved?
5. Do management teams have strategies for measuring and tracking the value of cloud return vs. risk?
“The answers to these questions will help determine the enterprise’s readiness to adopt cloud computing and also help
ensure that the necessary governance is in place,” said Vael. “The COBIT 5 framework for governance and management of IT
can also help enterprises manage investments such as cloud services. COBIT 5 helps ensure consistent practices to
maximise value and manage risk.”
ISACA’s white paper, “Cloud Governance: Questions Boards of Directors Need to Ask,” is available as a free download at www.isaca.org/cloud-governance
. The COBIT 5 framework is a free download at www.isaca.org/cobit
This topic will also be discussed at ISACA’s upcoming Oceania CACS2013 conference. Held at the Adelaide Convention
Centre from 23-25 September 2013, the conference will feature highly respected industry experts from Australia, New
Zealand and around the world who will present their latest thinking, research and practical experience in topical
presentations and workshops.
For more information on the Oceania CACS2013 conference, including registration details, please visit: http://www.oceaniacacs2013.org/
. For more information about ISACA, please visit www.isaca.org
- Ends -
With more than 100,000 constituents in 180 countries, ISACA® (www.isaca.org
) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems
(IS) assurance and security, enterprise governance and management of IT, and IT-related risk and compliance. Founded in
1969, the nonprofit, independent ISACA hosts international conferences, publishes the ISACA® Journal, and develops international IS auditing and control standards, which help its constituents ensure trust in, and value
from, information systems. It also advances and attests IT skills and knowledge through the globally respected Certified
Information Systems Auditor® (CISA®), Certified Information Security Manager® (CISM®), Certified in the Governance of
Enterprise IT® (CGEIT®) and Certified in Risk and Information Systems Control™ (CRISC™) designations.
ISACA continually updates and expands the practical guidance and product family based on the COBIT® framework. COBIT
helps IT professionals and enterprise leaders fulfill their IT governance and management responsibilities, particularly
in the areas of assurance, security, risk and control, and deliver value to the business.
Participate in the ISACA Knowledge Center: www.isaca.org/knowledge-center
Join ISACA on LinkedIn: ISACA (Official), http://linkd.in/ISACAOfficial
Like ISACA on Facebook: www.facebook.com/ISACAHQ