Governance, Risk & Compliance Advisory Blog

Insights on best practices related to IT Audit & Compliance

Overview on Cloud Computing

July 24, 2010 06:16 by author nirav

Cloud Computing is the technology which is used to access services, resources, software and information offered in the internet cloud. All of the services which are offered in the internet cloud are shared amongst the users and are hence provided to all the different computers and other devices on-demand.

Most of the time, servers don't run at full capacity. That means there's unused processing power going to waste. It's possible to fool a physical server into thinking it's actually multiple servers, each running with its own independent operating system. The technique is called server virtualization. Thus, what the cloud is delivering is essentially virtualized services.

History:

The name cloud computing, which was coined in the year 2007, was inspired by the cloud symbol that's often used to represent the Internet in flow charts and diagrams. The term Cloud refers to “Internet” and computing means “to compute/to process”. It's called cloud computing because the data and applications exist on a "cloud" of Web servers.

Distinct characteristics of Cloud Computing

  • Sold on demand - typically by the minute or the hour
  • Service is fully managed by the provider (the consumer needs nothing but a personal computer and Internet access)
  • Assets in the form of Software as a Service (SaaS), Platform as a Service (PaaS) or even Information as a Service (IaaS).

   

Advantages:

Better Utilization of resources – Because resources are shared over the net, they are not ‘wasted’. Someone or other will always be making use of a resource, unlike when it is bought individually.

Benefits for Small and medium sized businesses – Such organizations can instantly obtain the benefits of the enormous infrastructure without having to implement and administer it directly – This permits accessibility to multiple data centers anywhere in the world. It also means that as the need for resources increases, companies can add additional service as and when needed from the cloud computing vendor without having to buy additional hardware.

It is environmentally friendly – It reduces the number of hardware components and replaces them with cloud computing systems thus reducing energy costs for running hardware and cooling as well as reducing carbon dioxide emissions and hence conserves energy.

No direct investment – Organizations need not invest in purchasing software and install them on local machines. They can rent or borrow online software. All of the processing work and file saving will be done "in the cloud" of the Internet, and the users will plug into that cloud every day to do their computer work.

 

Disadvantages:

Privacy and Security Issues – Information stored in the cloud is easily accessible by a private litigant or the government. Beyond that, companies worry over the extent to which the service provider has the right to read, and make public, information that is put in the cloud.

Dependency Issues – Once a Company has adapted to the Cloud, it becomes way too dependent on it. Thus, the cloud becomes the one main database of all the services, information and other resources.

 

Conclusion:

Cloud computing, all said and done, is a technology which holds great potential for the coming future as long as it is implemented carefully. No matter what one’s organizational requirements are, cloud services make sense. Even a partial hybrid switch to the cloud may work. Moreover, cloud adoption is certain for an enormous number of organizations.



IT General Controls

July 17, 2010 06:28 by author nirav

IT General Controls (ITGCs), when implemented by management, provide reasonable assurance to support the functioning of application controls and IT-dependent manual controls. These controls span the IT environment, computer operations, access to programs and data, and program changes. There are three control objectives defined for the purpose of evaluating ITGCs. These are Manage Changes, Logical Access Management (LAM), and Other ITGCs (including IT Operations).

The procedures to be implemented for the same are as follows:

  • To ensure that all changes to applications are properly requested, authorized, tested, and approved before they are implemented to ensure intended functionality. (Manage Changes)
  • To determine that only authorized persons and applications have access to data and transactions, that they have it only to perform their specifically authorized functions, and that no extra access has been granted to any person or application. (Logical Access)
  • Job scheduling, performing back-up and recovery, monitoring processing deviations, and performing problem and incident reporting monitoring. (Other ITGCs)


We perform tests of the ITGCs on which we are relying to obtain evidence that they are operating effectively. However, there may be situations in which we would not perform some or all of the tests of ITGCs. When relying on ITGCs, it is essential to document how the ITGC objectives were met if we determine not to perform the primary control procedures, some of which are listed as follows:

Manage Changes:

  • Changes are authorized
  • Changes are tested
  • Changes are approved
  • Changes are monitored
  • Segregation of incompatible duties exists within the manage change environment

Logical Access:

  • General system security settings are appropriate
  • Password settings are appropriate
  • Access to privileged IT functions is limited to appropriate individuals
  • Access to system resources and utilities is limited to appropriate individuals
  • User access is authorized and appropriately established
  • Physical access to computer hardware is limited to appropriate individuals
  • Logical access process is monitored
  • Segregation of incompatible duties exists within the logical access environment

Other ITGCs:

  • Financial data has been backed-up and is recoverable
  • Deviations from scheduled processing are identified and resolved
  • IT operations problems or incidents are identified, resolved, reviewed, and analyzed in a timely manner

Conclusion:
IT General controls affect almost all financial audits because of their significance and ubiquity. These areas could apply to any financial audit client and should be assessed as to their level of applicable risk to audit objectives in all financial audits.
