Compare courses
Nanyang Technological University Center for Continuing Education

Cloud Computing - What IT Auditors Needs to Know

This course has no confirmed dates in the future. Subscribe to be notified when it is offered.

Relevant courses

Course format
Starting after
Ending before


Coursalytics is an independent platform to find, compare, and book executive courses. Coursalytics is not endorsed by, sponsored by, or otherwise affiliated with Nanyang Technological University Center for Continuing Education.

Full disclaimer.


Cloud computing has emerged as one of the most significant information technology developments over the past decade. As a new framework for the way IT solutions are designed, sourced and used for services delivery, it offers organisations new and flexible ways to manage IT costs, scale IT operations and streamline related processes. However, with the new IT developments, new risks will emerge. This course will help you understand the risk implications of moving to the cloud, as well as strategies for managing those risks.


  • Understand the fundamentals and impact of Cloud Computing
  • Describe the different types of Cloud Computing architectures
  • Describe the different services that Cloud Computing provides
  • Describe some of the challenges to adopting a cloud architecture
  • Identify the top security threats to cloud computing
  • Understand how the risks associated with Cloud Computing vary from the traditional application service provider model
  • Develop an audit plan based on the different services of Cloud Services
  • Learn about auditing standard based on ISO27001 & ISO27018
  • Learn to utilise the myriad of tool/s to map out the risks and develop a comprehensive audit strategy


Day 1

  • Introduction
  • What is Cloud Computing?
  • Adoption of cloud
    • Current landscape
    • New business models
    • Key business drivers
  • Cloud computing architectures
  • Cloud computing service delivery models
  • Key attributes of Cloud Computing
  • Top Cloud considerations & challenges
  • Review of the Cloud risk map
    • Addressing risks in security & privacy
    • Data management
    • Governance & compliance
    • Operations
    • General business

Day 2

  • Background to Information Security Management System (ISMS)
  • ISO27001: Structure, Auditing Areas, Terms and Definitions
  • Auditor Competence, Responsibilities and Characteristics
  • Audit Evidence Triangle
  • Types of Audit
  • Audit Activities
  • Creating an Audit Plan
  • Creating an Audit Checklist
  • Audit Questioning Techniques
  • Conducting the opening Meeting
  • Prepare, Approve and Distribute
  • Conducting Audit follow-up Activities

Day 3

  • Nonconformities and Writing Nonconformities
  • Creating the Audit Report: Prepare, Approve and Distribute
  • Conducting Audit follow-up Activities
  • Case Study – Deep dive into Cloud technology (security & privacy)
    • Utilise Cloud risk map
    • Identify risks
    • Define scope
  • Develop an audit plan based on identified Cloud risks
  • Scenario based activity – Bring a fictional enterprise securely into the cloud

Who should attend

  • IT Internal Audit Practitioners
  • IT Managers
  • IT Professionals


Mr. Kenneth Ho is a seasoned consultant with extensive knowledge in information risk management, information security and information system audit. He is a certified ISO 27001 Lead Auditor, CRISC, CISSP, CCSK and CISA. He has 20 years of experience in security assessment, design, implementation ...
Show more

Course reviews

Reviews for this course are not publicly available