Skip to main content

National Audit Office report: Guidance for audit committees on cloud services

Guidance for audit committees on cloud services

Outlining cloud services and their use in government, this guide suggests questions to ask at planning, implementation and management stages.

Outlining cloud services and their use in government, this guide suggests questions to ask at planning, implementation and management stages.

Public and private sector organisations are increasingly adopting cloud services with the aims of reducing costs, increasing efficiency and transforming their operations. Government policy supports this move but recognises that accessing systems through the internet can bring new contracting models and new challenges. Some organisations may lack the capacity or expertise to select the right product for their needs, implement it securely and manage it effectively.

Our guidance provides an overview of cloud services and outlines government policy on their use. It then sets out specific questions for audit committees to consider asking when engaging with their management at three stages:

  • Assessment of cloud services – looking at cloud services as part of organisational and digital strategies; the business case process; and due diligence.
  • Implementation of cloud services – considering system configuration; data migration; and service risk and security.
  • Management of cloud services – covering operational considerations; the need for assurance from third parties; and the capability needed to manage live running.

Our guidance points to and complements detailed cloud guidance available elsewhere.

April 2019

 

Publication details:

Published date: April 24, 2019