NAO issues guidance for audit committees on cloud services
The National Audit Office (NAO) has published guidance for audit committees on cloud IT services and their use in government, with suggested questions to ask at planning, implementation and management stages
1 May 2019
The audit watchdog says public and private sector organisations are increasingly adopting cloud services with the aims of reducing costs, increasing efficiency and transforming their operations.
Government policy supports this move but recognises that accessing systems through the internet can bring new contracting models and new challenges. Some organisations may lack the capacity or expertise to select the right product for their needs, implement it securely and manage it effectively.
The NAO’s guidance provides an overview of cloud services and outlines government policy on their use. It then sets out specific questions for audit committees to consider asking when engaging with their management at three stages.
The first stage is the assessment of cloud services, with questions looking at cloud services as part of organisational and digital strategies, the business case process, and due diligence.
Secondly the guide covers the implementation of cloud services, considering system configuration, data migration, and service risk and security. Finally, it provides advice on the management of cloud services, covering operational considerations, the need for assurance from third parties, and the capability needed to manage live running.