Transitioning to the cloud can be a disruptive change for IT and businesses. Governance, Risk, Compliance and Assurance are ultimately the responsibility of the enterprise.

Enterprises need to assure their boards as well as internal and external stakeholders that new risks emerging in the control environment have been identified, assessed and addressed. In order to provide this assurance a suitable control framework and monitoring mechanisms need to be established. This is not a one off exercise during cloud transition but a continuous and ongoing process.

We can facilitate transition to cloud as inline project management engagement or as a post implementation assurance engagement.

In the project assurance engagement we will work with IT stakeholders, audit, risk , legal and compliance stakeholders

We can assist in the following key areas  (illustrative only). 

• Identification, Assessment and Remediation of key Project Risks
• Review Cloud Service Provider SLAs ( including agreement on auditability, periodic reporting etc.)
• Any special requirements to be established e.g. e-Discovery for legal, alternate Cloud Service Provider for back up etc.
• Application Security : Cloud project may involve a mix of “lift and shift” of existing work loads and new agile application development methodologies like DevOps
• Data Privacy and Security, PCI DSS Compliance
• Identifying and recommending suitable security , GRC audit automation tools and processes for ongoing assurance