Cloud computing: Revisionsprocessen af finansielle virksomheder der anvender cloud computing

Isabella Ørgaard jensen

Student thesis: Master thesis


This thesis has the purpose of assessing how the audit process works for financial institutions using a Cloud Computing solution. An analysis of the management considerations in the application of Cloud Computing is also an important part of the thesis. The frames and legislation will be illuminated and analyzed as well. The thesis is based on the COSO ERM framework as well as the audit objectives. To assess the audit process with an auditor’s point of view, firstly an account of the frames within auditing and Cloud Computing is given. This includes the auditing standards, the Danish Privacy Act, Accountancy Act and specific regulation for the financial institutions. Pros and cons of Cloud Computing will also be described with special attentions to the corresponding risks and opportunities. Management considerations regarding Cloud Computing are analyzed, with focus on risk analysis, disaster recovery, vendor contract and considerations about the audit. It is argued that management shouldn’t be afraid to approach Cloud Computing, but it is important to know the alternatives and what Cloud Computing is and isn’t. The vendor contract is the foundation of a good Cloud solution and having a well-planned disaster recovery and business continuity plan might save the organization. The use of Cloud Computing in financial institutions in Denmark has stayed within a Private Shared Cloud within most banks. This has to do with the legislation and the barriers it makes for the use of for example Public Cloud Computing. The Danish Privacy Act and the Accountancy Act both collide with the use of cloud computing. The thesis leads up to the analysis and assessment of the IT-audit process for financial institutions using Cloud Computing. This is a composition of theory, regulation and provides an overview for the auditor as well as an understanding of the process for the management. The thread in this thesis is led by an ongoing auditor view in each chapter. To sum up the overall analysis and thoughts throughout the thesis, recommendations are given to the management and the auditors. Among other recommendations are that auditors should audit the frames and regulation as well as the security in compliance with the standards and frameworks for auditing. Auditors should also take the recommended management considerations into attention

EducationsMSc in Auditing, (Graduate Programme) Final Thesis
Publication date2014
Number of pages83