Our cloud guidance for audit committees builds on our 2019 guidance. We have seen more of the public sector turn to cloud services and government spending with the major cloud providers has increased in the last five years. We have updated our guidance to reflect this and to recognise wider developments and evolution of cloud services.
Outlining cloud services and their use in government, this guide suggests questions to ask at planning, implementation and management stages.
Public and private sector organisations are increasingly adopting cloud services with the aims of reducing costs, increasing efficiency and transforming their operations. Government policy supports this move but recognises that accessing systems through the internet can bring new contracting models and new challenges. Some organisations may lack the capacity or expertise to select the right product for their needs, implement it securely and manage it effectively.
Our guidance provides an overview of cloud services and outlines government policy on their use. It then sets out specific questions for audit committees to consider asking when engaging with their management at three stages:
- Assessment of cloud services – looking at cloud services as part of organisational and digital strategies, the business case process, and due diligence.
- Implementation of cloud services – considering system configuration, data migration, and service risk and security.
- Management and optimisation of cloud services – covering operational considerations, the need for assurance from third parties, and the capability needed to manage live running.
Our guidance points to and complements detailed cloud guidance available elsewhere.