Five Questions Board Members Need to Ask About Cloud Computing

“Board members need a clear understanding of cloud computing benefits and how to maximize them through effective governance practices,” said Marc Vael, an ISACA board member and chief IT audit executive at Smals. “This requires the board to see cloud computing not as an IT project, but rather as a business strategy.” Bypassing established governance processes and failing to inform others within the enterprise about cloud computing initiatives may result in the enterprise assuming unknown risk and, thereby, increasing potential exposure. Without close monitoring and proper discipline, cost overruns may result if services are not turned off when they are no longer needed. Individually purchased services may conflict with established technology strategies. In some instances, acquisition of cloud services resulted in regulatory problems—problems that could have been avoided if usage plans were communicated and systematically considered beforehand.

According to ISACA, a nonprofit, independent association of more than 100,000 governance, risk, security and assurance professionals worldwide, boards should address five key questions to determine the strategic value that cloud services are expected to provide and the impact that the cloud may have on resources and controls:

  1. Do management teams have a plan for cloud computing?Have they weighed the value and opportunity costs?
  2. How do current cloud plans support the enterprise’s mission?
  3. Have executive teams systematically evaluated organizational readiness? For example, are the right skills available? Do cloud processes conflict with other established processes? Do cloud plans conflict with enterprise culture?
  4. Have management teams considered what existing investments might be lost in their cloud planning? Does the adoption of a cloud service nullify already-made technology investments that have not reached their planned end date, and is that noted and approved?
  5. Do management teams have strategies for measuring and tracking the value of cloud return vs. risk?

“The answers to these questions will help determine the enterprise’s readiness to adopt cloud computing and also help ensure that the necessary governance is in place,” said Vael. The challenge is for board members to have sufficient understanding of the opportunity that cloud presents so that they can effectively direct and monitor plans to leverage cloud and promote success.


Chief Executive magazine (published since 1977) is the definitive source that CEOs turn to for insight and ideas that help increase their effectiveness and grow their business. Chief Executive Group also produces e-newsletters and online content at and manages Chief Executive Network and other executive peer groups, as well as conferences and roundtables that enable top corporate officers to discuss key subjects and share their experiences within a community of peers. Chief Executive facilitates the annual “CEO of the Year,” a prestigious honor bestowed upon an outstanding corporate leader, nominated and selected by a group of peers, and is known throughout the U.S. and elsewhere for its annual ranking of Best & Worst States for Business. Visit for more information.