Cloud computing assurance – a review of literature guidance

This paper aims to provide guidance on cloud computing assurance from an IT governance point of view. The board and executive management are tasked with ensuring proper governance of organizations, which should in the end contribute to a sense of assurance. Assurance is understood to be a part of corporate governance which provides stakeholders with confidence in a subject matter by evaluating evidence about that subject matter. Evidence will include proof that proper controls and structures are in place, that risks are managed and that compliance with internal and external requirements is demonstrated with regard to the subject matter. Decisions regarding the use of cloud computing in organizations bring these responsibilities to the fore.

The design of this paper is based on an extensive review of literature, predominantly best practices and standards, from the fields covering IT governance, cloud computing and assurance.

The results from this paper can be used to formulate cloud computing assurance evidence statements, as part of IT governance mandates.

This paper aims to add value by highlighting the responsibility of managers to ensure assurance when exploiting opportunities presented through IT advances, such as cloud computing; serving to inform management about the advances that have and are being made in the field of cloud computing guidelines; and motivating that these guidelines be used for assurance on behalf of organizations adopting and using cloud computing.