Cloud computing: Overview and risk analysis

Journal of Information Systems

Volumn 26, Issue 2, 2012, Pages 13-33

  Alali, Fatima A ^a   Yeh, Chia Lun ^a  

^a CALIFORNIA STATE UNIVERSITY   (United States)

Author keywords

Accounting and auditing research; Cloud computing; Risk characteristics

Indexed keywords

EID: 84870736141     PISSN: 08887985     EISSN: 15587959     Source Type: Journal    
DOI: 10.2308/isys-50229     Document Type: Article

References (70)

1. Ahn, J. G., C. S. Leem, and J. H. Yang. 2001. A framework for certification and audit of application service providers-ASP. Journal of Systems Integration 10 (239): 239-252.
2. Alles, M., G. Brennan, A. Kogan, and M. A. Vasarhelyi. 2006. Continuous monitoring of business process controls: A pilot implementation of a continuous auditing system at Siemens. International Journal of Accounting Information Systems 7 (2): 137-161.
3. Altman, E. 1968. Financial ratios, discriminant analysis, and the prediction of corporation bankruptcy. Journal of Finance 23: 589-609.
4. American Institute of Certified Public Accountants (AICPA). 1992. Service Organizations. SAS 70. New York, NY: AICPA.
5. American Institute of Certified Public Accountants (AICPA). 2001. The Effect of Information Technology on the Auditor's Consideration of Internal Control in a Financial Statement Audit. SAS 94. New York, NY: AICPA.
6. American Institute of Certified Public Accountants (AICPA). 2011. Reporting on Controls at a Service Organization. SSAE 16. New York, NY: AICPA.
7. Ames, B., and F. Brown. 2011. Auditing the cloud. Internal Auditor (August): 35-39.
8. Armbrust, M., A. Fox, R. Griffith, A. D. Joseph, R. Katz, and A. Konwinski. 2010. A view of cloud computing. Communications of the ACM 53 (4): 50-58.
9. Blaskovich, J., and N. Mintchik. 2011. Information technology outsourcing: A taxonomy of prior studies and direction for future research. Journal of Information Systems 25 (1): 1-36.
10. Buyya, R., C. S. Yeo, S. Venugopal, J. Broberg, and I. Brandic. 2009. Cloud computing and IT emerging platforms: Vision, hype, and reality for delivery computing as the 5th utility. Future Generation Computer Systems 25: 599-616.
11. Cannon, J. C. 2004. Privacy: What Developers and IT Professionals Should Know. Boston, MA: Addison-Wesley.
12. Cash, J. I., A. D. Bailey Jr., and B. Andrew. 1977. A survey of techniques for auditing EDP-based accounting information systems. The Accounting Review 22 (4): 813-832.
13. Chou, C., and J. Chang. 2010. Continuous auditing for web-released financial information. Review of Accounting and Finance 9 (1): 4-32.
14. Cohen, R. 2009. Examining cloud computing mergers and acquisitions. Available at: http://java.sys-con. com/node/893141
15. Committee of Sponsoring Organizations of Treadway Commission (COSO). 2011. Internal Control-Integrated Framework. Exposure draft. New York, NY: COSO.
16. Curtis, M. B., J. G. Jenkins, J. C. Bedard, and D. R. Deis. 2009. Auditors' training and proficiency in information systems: A research synthesis. Journal of Information Systems 23 (1): 79-96.
17. Davis, C., M. Schiller, and K. Wheeler. 2006. IT Auditing: Using Controls to Protect Information Assets: Auditing Cloud Computing and Outsourced Operations. New York, NY: McGraw-Hill Osborne Media.
18. Debreceny, R. S., G. L. Gray, J. Ng, and K. Lee. 2005. Embedded audit modules in enterprise resource planning systems: Implementation and functionality. Journal of Information Systems 19 (2): 7-27.
19. DeFelice, A. 2010. Cloud computing: What accountants need to know. Journal of Accountancy (October): 50-55.
20. Deshmukh, A. 2006. Digital Accounting: The Effects of the Internet and ERP on Accounting. Hershey, PA: IRM Press.
21. Du, H., and Y. Gong. 2010. Cloud computing, accounting, auditing, and beyond. The CPA Journal (October): 66-70.
22. Elder, R., Y. Zhang, J. Zhou, and N. Zhou. 2009. Internal control weakness and client risk management. Journal of Accounting, Auditing and Finance 24 (4): 543-579.
23. Francis, J. D., D. Philbrick, and K. Schipper. 1994. Shareholder litigation and corporation disclosures. Journal of Accounting Research 32: 137-164.
24. Garland, P., R. Gittings, and M. Pearl. 2010. Cloud computing gets strategic: Reducing technology costs is just the starting point. PricewaterhouseCoopers View 13: 1-12.
25. Gartner Research. 2011. Gartner identifies seven major projects CIOs should consider during the next three years. Press Release. Available at: http://www.gartner.com/it/page.jsp?id1/41465614
26. Gill, R. 2011. Why cloud computing matters to finance. Strategic Finance (January): 43-47.
27. Glover, S., S. Liddle, and D. Prawitt D. 2001. E-Business: Principles and Strategies for Accountants. Englewood Cliffs, NJ: Prentice Hall.
28. Grabski, S. V., S. A. Leech, and P. J. Schmidt. 2011. A review of ERP research: A future agenda for accounting information systems. Journal of Information Systems 25 (1): 37-78.
29. Groomer, S. M., and U. S. Murthy. 1989. Continuous auditing of database applications: An embedded audit module approach. Journal of Information Systems 3 (2): 53-69.\
30. Harauz, J., L. M. Kaufman, and B. Potter. 2009. Data security in the world of cloud computing. IEEE Security & Privacy 7 (4): 61-64.
31. Hogan, M. D., F. Liu, A. W. Sokol, and T. Jin. 2011. NIST Cloud Computing Standards Roadmap. Available at: http://www.nist.gov/customcf/get_pdf.cfm?pub_id1/4909024
32. Information Commissioner's Office. 2008. Data Protection guidance note: Privacy enhancing technologies (PETs). Available at: http://www.ico.gov.uk/upload/documents/library/data_protection/detailed_ specialist_guides/privacy_enhancing_technologies_v2.pdf
33. Information Systems Audit and Control Association (ISACA). 2009a. Cloud Computing: Business Benefits with Security, Governance and Assurance Perspectives. Rolling Meadows, IL: ISACA.
34. Information Systems Audit and Control Association (ISACA). 2009b. Cloud Computing Management Audit/Assurance Program. Rolling Meadows, IL: ISACA.
35. Information Systems Audit and Control Association (ISACA). 2010. Cloud Computing Management Audit/ Assurance Program. Rolling Meadows, IL: ISACA.
36. IT Governance Institute (ITGI). 2005. COBIT 4.0: Control Objectives for Information and Related Technology. Rolling Meadows, IL: ITGI.
37. Jansen, W., and T. Grance. 2011. Guidelines on Security and Privacy in Public Cloud Computing. NIST Special Publication 800-144. Gaithersburg, MD: NIST.
38. Janvrin, J. D., J. Bierstaker, and D. J. Lowe. 2008. An examination of audit information technology use and perceived importance. Accounting Horizons 22 (1): 1-21.
39. Johnstone, K. 2000. Client-acceptance decisions: Simultaneous effects of client business risk, audit risk, auditor business risk, and risk adaption. Auditing: A Journal of Practice & Theory 19 (1): 1-25.
40. Kilpatrick, T. 2000. Auditing manufacturing costs. The Internal Auditor 57 (3): 25.
41. Knolmayer, F., and P. Asprion. 2011. Assuring Compliance in IT Subcontracting and Cloud Computing. Working paper, University of Bern.
42. Kotb, A., and C. Roberts. 2011. The impact of e-business on the audit process: An investigation of the factors leading to change. International Journal of Auditing 15: 150-175.
43. Kothari, S., A., Leone, and C. Wasley. 2005. Performance matched discretionary accrual measures. Journal of Accounting and Economics 39 (1): 163-197.
44. KPMG. 2010. Audit in the cloud: Security audits versus cloud computing. Available at: http://www. slideshare.net/eburon/audit-in-the-cloud-kpmg
45. Kuhn J. R., Jr., and S. G. Sutton. 2010. Continuous auditing in ERP system environments: The current state and future directions. Journal of Information Systems 24 (1): 91-112.
46. Liang, D., F. Lin, and S. Wu. 2001. Electronically auditing EDP systems with the support of emerging information technologies. International Journal of Accounting Information Systems 2 (2): 130-147.
47. Licklider, J. C. R. 1963. Memorandum for: Members and Affiliates of the Intergalactic Computer Network; Topics for Discussion at the Forthcoming Meeting. Washington, D.C.: Advanced Research Projects Agency.
48. McCarthy, J. 1961. Centennial Keynote Address. Massachusetts Institute of Technology.
49. Moeller, R. 2010. IT Audit, Control and Security. Hoboken, NJ: John Wiley & Sons.
50. Mohamed, A. 2009. A history of cloud computing. Available at: http://www.computerweekly.com/Articles/ 2009/06/10/235429/A-history-of-cloud-computing.htm
51. Moltzen, E. F. 2010. Analysis: Cloud stocks flying higher and higher. Available at: http://www.crn.com/ news/channel-programs/222300414/analysis-cloud-stocks-flying-higher-and-higher. htm;jsessionid1/4LRLqmGqyEBtVG7A00Z7bpw**.ecappj01
52. National Institute of Standards and Technology (NIST). 2012. Inventory of standards relevant to cloud computing. Available at: http://collaborate.nist.gov/twiki-cloud-computing/bin/view/ CloudComputing/StandardsInventory
53. Pathak, J., and M. Lind. 2010. An e-business audit service model in the B2B context. Information Systems Management 27 (2): 146-155.
54. Public Company Accounting Oversight Board (PCAOB). 2007. An Audit of Internal Control Over Financial Reporting That Is Integrated with an Audit of Financial Statements. Auditing Standard No. 5, Release No. 2007-005A. Washington, DC: PCAOB.
55. Pearson, S. 2009. Taking Account of Privacy when Designing Cloud Computing Services. Proceedings of the 2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing, Vancouver, BC.
56. Plumlee, M., and T. L. Yohn. 2010. An analysis of the underlying causes attributed to restatements. Accounting Horizons 24 (41).
57. Rashty, J., and J. O'Shaughnessy. 2010. Revenue recognition for cloud-based computing arrangements. The CPA Journal (November): 32-35.
58. Rezaee, Z., R. Elam, and A. Sharbatoghlie. 2001. Continuous auditing: The audit of the future. Managerial Auditing Journal 16 (3): 150-158.
59. Ross, S. J. 2010. Recovery in the cloud. Information Systems Control Journal 3: 4-5.
60. Shroff, G. 2010. Enterprise Cloud Computing: Technology, Architecture, Application. New York, NY: Cambridge University Press.
61. Singleton, T. W. 2010. IT audits of cloud and SaaS. ISACA Journal (3): 1-3.
62. Sutton, S. G. 2006. Extended-enterprise systems' impact on enterprise risk management. Journal of Enterprise Information Management 19 (1/ 2): 97-114.
63. Sutton, S. G., and C. Hampton. 2003. Risk assessment in an extended enterprise environment: Redefining the audit model. International Journal of Accounting Information Systems 4 (4): 57-73.
64. U.S. Department of Commerce. 2008. The Statistical Abstract: Information and Communication. Suitland, MD: U.S. Census Bureau.
65. Vael, M. 2010. Cloud computing: An insight in the governance and security aspects. Available at: http:// www.isaca.org/Groups/Professional-English/information-secuirty-management/GroupDocuments/ Across%20Cloud%20Computing%20governance%20and%20risks%20May%202010.pdf
66. Vasarhelyi, M. A., M. Alles, and A. Kogan. 2004. Principles of analytic monitoring for continuous assurance. Journal of Emerging Technologies in Accounting 1: 1-21.
67. Warfield, T. D., J. J. Wild, and K. L. Wild. 1995. Managerial ownership, accounting choices, and informativeness of earnings. Journal of Accounting and Economics 20: 61-91.
68. Westervelt, R. 2006. New SAP business unit to focus on compliance. Available at: http://searchsap. techtarget.com/news/1188877/New-SAP-business-unit-to-focus-on-compliance
69. Wright, S., and A. M. Wright. 2002. Information system assurance for enterprise resource planning systems: Unique risk considerations. Journal of Information Systems 16 (1, Supplement): 99-113.
70. Zhao, N., D. C. Yen, and I. C. Chang. 2004. Auditing in the e-commerce era. Information Management and Computer Security 12 (5): 389-400.