Five Questions Board Members Need to Ask About Cloud Computing

Board members are hearing more and more from their management teams about the noteworthy business benefits of cloud computing, such as: Cloud strategies make the enterprise more efficient and agile. Cloud computing allows delivered services to be more innovative and more competitive. Cloud computing reduces overall operating costs. But how confident can boards be that management plans will achieve these benefits? Is there a way to know that, even if the benefits are real, increased operational risk will not outweigh those benefits? Fortunately, by understanding what cloud is and what it is not and by asking a few key questions of management teams, boards can gain that confidence—in management plans and strategic goals, as well as in the decisions made in response to those plans.

“Board members need a clear understanding of cloud computing benefits and how to maximize them through effective governance practices,” said Marc Vael, an ISACA board member and chief IT audit executive at Smals. “This requires the board to see cloud computing not as an IT project, but rather as a business strategy.” Bypassing established governance processes and failing to inform others within the enterprise about cloud computing initiatives may result in the enterprise assuming unknown risk and, thereby, increasing potential exposure. Without close monitoring and proper discipline, cost overruns may result if services are not turned off when they are no longer needed. Individually purchased services may conflict with established technology strategies. In some instances, acquisition of cloud services resulted in regulatory problems—problems that could have been avoided if usage plans were communicated and systematically considered beforehand.

According to ISACA, a nonprofit, independent association of more than 100,000 governance, risk, security and assurance professionals worldwide, boards should address five key questions to determine the strategic value that cloud services are expected to provide and the impact that the cloud may have on resources and controls:

  1. Do management teams have a plan for cloud computing?Have they weighed the value and opportunity costs?
  2. How do current cloud plans support the enterprise’s mission?
  3. Have executive teams systematically evaluated organizational readiness? For example, are the right skills available? Do cloud processes conflict with other established processes? Do cloud plans conflict with enterprise culture?
  4. Have management teams considered what existing investments might be lost in their cloud planning? Does the adoption of a cloud service nullify already-made technology investments that have not reached their planned end date, and is that noted and approved?
  5. Do management teams have strategies for measuring and tracking the value of cloud return vs. risk?

“The answers to these questions will help determine the enterprise’s readiness to adopt cloud computing and also help ensure that the necessary governance is in place,” said Vael. The challenge is for board members to have sufficient understanding of the opportunity that cloud presents so that they can effectively direct and monitor plans to leverage cloud and promote success.



  • Get the CEO Briefing

    Sign up today to get weekly access to the latest issues affecting CEOs in every industry
  • upcoming events