Board of Directors Handbook for Cloud Risk Governance

This paper is for the Boards of Directors of organizations that are engaging in a new, or substantially increased, adoption of cloud technology perhaps as part of a wider digital transformation of their business.

We aim to offer practical guidance, in the form of questions that can help structure your oversight of, and engagement with, management’s approach to adopting cloud, and to ensure that independent risk and audit functions are appropriately equipped to support that process.

To suggest, however, that your organization’s adoption of cloud is simply a new series of risks to manage would be wrong. The adoption of cloud is in many cases an increasing imperative for organizations to remain competitive and to fully realize technology, data and overarching business strategies. And, beyond that, the adoption of cloud is a significant opportunity for organizations to reimagine how whole classes of enterprise risk can be better managed, and presents opportunities to tackle risks that previously would have been commercially unrealistic to fully address.

This paper will therefore provide an overview of the key tenets of cloud technology, why it is increasingly important in realizing business strategies, the risk benefits of a well-executed cloud adoption, and our guidance for Boards of Directors in their oversight of that adoption.