The advent of the CLOUD Ecosystem has significantly changed the dynamics of the traditional Financial Statements Audit Universe because the techniques and tools financial statement auditors once used to gather electronic evidence in the mainframe, client/server, and web-base information processing environments are no longer suited for the CLOUD Ecosystem.
Auditing in the CLOUD Ecosystem can no longer be seen as a "standalone" initiative whereby a single financial statement auditor can gain access to all of the data files that are needed for testing and examination on a mainframe platform or client/server platform.
The challenges financial statement auditors are experiencing today are due to:
The fact that a single corporate or government solution could involve several of these independently owned and operated technologies and service platforms is no longer unusual in today's CLOUD computing environments, in fact, it is the norm.
Today, it is not unusual for a different auditor to represent each of the service providers that provide a single integrated solution for a company or government agency. This paradigm shift in the way Information Technology (IT) is acquired and operated demands new set of auditing standards and a change in financial statements auditors' mindset. In today's CLOUD computing environment, financial statement auditors must collaborate and share audit evidence with each other in an automated fashion and across the computing paradigm - usually over various business and transaction networks to be successful and diligent.
Each of these CLOUD-based services may be owned and operated by a separate service provider. Under what is considered a normal circumstance today, financial evidence that end up in financial statements may take hops across several of these platforms in a single compute paradigm and several financial statement auditors may be involved. This dynamic in part led to the formulation and promulgation of the AICPA Service Organization Control (SOC) standards.
Auditing in the CLOUD Ecosystem can no longer be seen as a "standalone" initiative whereby a single financial statement auditor can gain access to all of the data files that are needed for testing and examination on a mainframe platform or client/server platform.
The challenges financial statement auditors are experiencing today are due to:
- The distributed nature of CLOUD Computing
- The multiplicity of Base CLOUD Service Providers
- The multiplicity of Derivative CLOUD Service Providers
- Various CLOUD Deployment Models
- A multiplicity of Transaction Networks (PCI-DSS, etc.)
- Various Business Networks (Blockchain, etc.).
The fact that a single corporate or government solution could involve several of these independently owned and operated technologies and service platforms is no longer unusual in today's CLOUD computing environments, in fact, it is the norm.
Today, it is not unusual for a different auditor to represent each of the service providers that provide a single integrated solution for a company or government agency. This paradigm shift in the way Information Technology (IT) is acquired and operated demands new set of auditing standards and a change in financial statements auditors' mindset. In today's CLOUD computing environment, financial statement auditors must collaborate and share audit evidence with each other in an automated fashion and across the computing paradigm - usually over various business and transaction networks to be successful and diligent.
Each of these CLOUD-based services may be owned and operated by a separate service provider. Under what is considered a normal circumstance today, financial evidence that end up in financial statements may take hops across several of these platforms in a single compute paradigm and several financial statement auditors may be involved. This dynamic in part led to the formulation and promulgation of the AICPA Service Organization Control (SOC) standards.
- Testing Integration Standards -
- Testing Reconciliation Standards -
- Testing Inspection Standards -
- Considerations for Emerging Technologies -
- Rules of Evidence and Investigation Standards -
- ICFR Auditing Standards -