Using Business Process-as-a-service
Thanks to cloud computing it is now possible to avail different computing resources so that one can access business process as a service. Cloud computing offers the unique business model whereby different consumers can access specific business processes that can be configured to meet their requirements. They can thereafter load their resultant data on the cloud. However, this kind of outsourcing though very useful it still offers some challenges in terms of internal and external auditing issues. Remote auditing can be used for resolving this issue.
There are some service models such as:
- Infrastructure as a service
- Platform as a service and
- Software as a service or SaaS.
Business process as a service or BPaaS is a specific type of the SaaS model that is relevant for the enterprise system. There are different solutions from SAP and IBM that serve as flexible platforms for BPaaS. Since the smaller enterprises are unable to afford the enterprise systems, the BPaaS is expected to serve as solutions with the complete acceptance of cloud computing. But, it is also true that with cloud computing coming in and the business process execution being outsourced the cloud consumers will naturally feel that they have lost control over both their data and the executions. A big issue is that of auditors who are unable to physically access the processes or the information system because of cloud computing. The solution can be provided by remote auditing or RA. RA is the process used by auditors to combine the technology of information and communication together with data analytics for the remote assessment and reporting on the correctness of financial data as well as internal controls and thereafter access the accuracy of the information system.
BPaaS and RA
In this business process as a service model clients of cloud computing are able to execute from a remote location processes in the cloud after having accessed and customized the processes in accordance with the present needs. These pre-defined processes are basically patterns such as the updating of customers’ record or the processing of a request made by a customer. Multi-tenancy is also possible in respect of individual clients. It is clear that remote processes are also possible since steps that are carried out in cloud are combined with the steps of the process that occur locally. One solution could well be that the entire process is outsourced and occurs in the cloud. The other solution could be that of partial outsourcing when the cloud management is restricted to only a part of the process.
Remote Auditing or RA has already been defined. It is also appreciated that both auditors, for internal as well as external, have no access to the cloud for the physical systems. This is a case where in the auditors can use RA for the examination of the audited as well as the provider of the cloud. RA can therefore well be developed as a workable means for making the audits possible and also to provide a high degree of assurance for the clouds.
There is total practicality for the use of RA for diverse types of audit. These include financial statements and compliance as well as operational audits. Compliance audits are conducted to confirm whether or not the audited party has acted in accordance with the various procedures as specified by the authority. These authorities could be the management or one of the regulatory bodies. An operational audit, on the other hand, involves a critical examination as well as evaluation of the operations of the audited that is conducted for the testing of the efficiency as well as the effectiveness of the audited.