Guidance for Audit Committees on Cloud Services


Government digital policy supports the move to the cloud and the use of cloud services is increasing rapidly in both the public and private sectors. Some more traditional organisations may, however, lack the capacity and expertise to select the right product for their needs, implement it securely and manage it effectively. In particular, the cost and effort of moving to cloud solutions and the skill sets required to manage them effectively should not be underestimated – particularly where multiple suppliers are involved.

The NAO guidance aims to help audit committee members to ask informed questions at three stages:• Assessment of cloud services. This section considers cloud services as part of organisational and digital strategies; the business case process; and due diligence.• Implementation of cloud services. This section covers system configuration; data migration; and service risk and security. • Management of cloud services. This section covers operational considerations; the need for assurance from third parties; and the capability needed to manage live running.

Full resource

This resource is hosted on an external website.

Read the full resource

Leave a comment

You must be logged in to post a comment.