Cloud Computing: Overview and Risk Analysis

ABSTRACT :  We provide an overview of cloud computing: evolution, benefits, and challenges. Then we examine the risk characteristics identified in accounting and auditing literature by comparing a hand-collected sample of cloud computing companies with a matched sample of non-cloud computing companies. The study uses a comprehensive set of factors used in accounting and auditing literature to describe client business risk, audit risk, and auditor-related risk. Unsurprisingly, the findings show that large companies in the historically high-risk information technology industries provide cloud computing. More interestingly, the results show that cloud computing is more leveraged, and more likely to have a material weakness and longer audit tenure. Cloud computing companies are also more likely to restate their financial statement after providing cloud technologies. Some of the risk variables we used in the study are not statistically significant in capturing the risks of cloud providers (e.g., security, priv...

[1]  Siani Pearson,et al.  Taking account of privacy when designing cloud computing services , 2009, 2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing.

[2]  Amr Kotb,et al.  The Impact of E‐Business on the Audit Process: An Investigation of the Factors Leading to Change , 2011 .

[3]  Jin Tong,et al.  NIST cloud computing standards roadmap :: version 1.0 , 2011 .

[4]  Ashutosh Deshmukh,et al.  Digital Accounting: The Effects of the Internet and ERP on Accounting , 2005 .

[5]  Donald R. Deis,et al.  Auditors' Training and Proficiency in Information Systems: A Research Synthesis , 2009, J. Inf. Syst..

[6]  Sally Wright,et al.  Information System Assurance for Enterprise Resource Planning Systems: Unique Risk Considerations , 2002, J. Inf. Syst..

[7]  J. Francis,et al.  SHAREHOLDER LITIGATION AND CORPORATE DISCLOSURES , 1994 .

[8]  Roger S. Debreceny,et al.  Embedded Audit Modules in Enterprise Resource Planning Systems: Implementation and Functionality , 2005, J. Inf. Syst..

[9]  David C. Yen,et al.  Auditing in the e-commerce era , 2004, Inf. Manag. Comput. Secur..

[10]  Randal J. Elder,et al.  Internal Control Weaknesses and Client Risk Management , 2008 .

[11]  J. C. Cannon Privacy: What Developers and IT Professionals Should Know , 2004 .

[12]  Terry D. Warfield,et al.  Managerial ownership, accounting choices, and informativeness of earnings , 1995 .

[13]  Timothy Grance,et al.  Guidelines on Security and Privacy in Public Cloud Computing | NIST , 2012 .

[14]  Steve G. Sutton,et al.  Continuous Auditing in ERP System Environments: The Current State and Future Directions , 2010, J. Inf. Syst..

[15]  Randy H. Katz,et al.  A view of cloud computing , 2010, CACM.

[16]  Rick Elam,et al.  Continuous auditing: the audit of the future , 2001 .

[17]  Gerhard Knolmayer,et al.  Assuring Compliance in IT Subcontracting and Cloud Computing , 2011, Global Sourcing Workshop.

[18]  Jagdish Pathak,et al.  An E-Business Audit Service Model in the B2B Context , 2010, Inf. Syst. Manag..

[19]  David G. Coderre Computer Assisted Fraud Detection , 2000 .

[20]  K. Johnstone Client-Acceptance Decisions: Simultaneous Effects of Client Business Risk, Audit Risk, Auditor Business Risk, and Risk Adaptation , 2006 .

[21]  Marlene Plumlee,et al.  An Analysis of the Underlying Causes Attributed to Restatements , 2009 .

[22]  Diane J. Janvrin,et al.  An Examination of Audit Information Technology Use and Perceived Importance , 2008 .

[23]  Gautam Shroff Enterprise Cloud Computing: Technology, Architecture, Applications , 2010 .

[24]  Severin V. Grabski,et al.  A Review of ERP Research: A Future Agenda for Accounting Information Systems , 2011, J. Inf. Syst..

[25]  Steve G. Sutton,et al.  Risk assessment in an extended enterprise environment: redefining the audit model , 2003, Int. J. Account. Inf. Syst..

[26]  Miklos A. Vasarhelyi,et al.  Principles of Analytic Monitoring for Continuous Assurance , 2004 .

[27]  Rajkumar Buyya,et al.  Article in Press Future Generation Computer Systems ( ) – Future Generation Computer Systems Cloud Computing and Emerging It Platforms: Vision, Hype, and Reality for Delivering Computing as the 5th Utility , 2022 .

[28]  Edward I. Altman,et al.  FINANCIAL RATIOS, DISCRIMINANT ANALYSIS AND THE PREDICTION OF CORPORATE BANKRUPTCY , 1968 .

[29]  Robert Moeller IT Audit, Control, and Security: Moeller/IT , 2010 .

[30]  Choon Seong Leem,et al.  A Framework for Certification and Audit of Application Service Provider—ASP , 2001, J. Syst. Integr..

[31]  Lori M. Kaufman,et al.  Data Security in the World of Cloud Computing , 2009, IEEE Security & Privacy.

[32]  Stephen W. Liddle,et al.  E-Business: Principles and Strategies for Accountants , 2001 .

[33]  Soushan Wu,et al.  Electronically auditing EDP systems: With the support of emerging information technologies , 2001, Int. J. Account. Inf. Syst..

[34]  Steve G. Sutton,et al.  Extended-enterprise systems' impact on enterprise risk management , 2006, J. Enterp. Inf. Manag..

[35]  Charles E. Wasley,et al.  Performance Matched Discretionary Accrual Measures , 2002 .

[36]  Alexandra DeFelice Cloud Computing: What Accountants Need to Know , 2010 .

[37]  Jennifer Blaskovich,et al.  Information Technology Outsourcing: A Taxonomy of Prior Studies and Directions for Future Research , 2011, J. Inf. Syst..

[38]  Miklos A. Vasarhelyi,et al.  Continuous monitoring of business process controls: A pilot implementation of a continuous auditing system at Siemens , 2006, Int. J. Account. Inf. Syst..

[39]  C. Janie Chang,et al.  Continuous auditing for web-released financial information , 2010 .

[40]  Robert R. Moeller,et al.  IT Audit, Control, and Security , 2010 .