Cloud Computing - What IT Auditors Needs to Know

NTU Professional and Continuing Education (PaCE@NTU)

Course introduction

Cloud computing has emerged as one of the most significant information technology developments over the past decade. As a new framework for the way IT solutions are designed, sourced and used for services delivery, it offers organisations new and flexible ways to manage IT costs, scale IT operations and streamline related processes. However, with the new IT developments, new risks will emerge. This course will help you understand the risk implications of moving to the cloud, as well as strategies for managing those risks. 

Course Benefits

• Understand the fundamentals and impact of Cloud Computing
• Describe the different types of Cloud Computing architectures
• Describe the different services that Cloud Computing provides
• Describe some of the challenges to adopting a cloud architecture
• Identify the top security threats to cloud computing
• Understand how the risks associated with Cloud Computing vary from the traditional application service provider model
• Develop an audit plan based on the different services of Cloud Services
• Learn about auditing standard based on ISO27001 & ISO27018
• Learn to utilise the myriad of tool/s to map out the risks and develop a comprehensive audit strategy

Course Pre-Requisites

To be eligible for SF Series subsidy, participants: 
- must be Singaporeans or Permanent Residents of Singapore 
* Participants who do not fulfill the above criteria are not eligible for SF Series funding, and are required to pay the course fee in full. 

Course supported for the new Union Training Assistance Programme (UTAP) funding 

Union members may enjoy up to $250 unfunded course fee support when you sign up for courses supported under UTAP. Conditions apply. Visit for more information.  

Target Audience

• IT Internal Audit Practitioners
• IT Managers
• IT Professionals 

Course Outline

Day 1
• Introduction
• What is Cloud Computing? 
• Adoption of cloud 
- Current landscape 
- New business models 
- Key business drivers
• Cloud computing architectures 
• Cloud computing service delivery models 
• Key attributes of Cloud Computing
• Top Cloud considerations & challenges
• Review of the Cloud risk map 
- Addressing risks in security & privacy 
- Data management 
- Governance & compliance 
- Operations 
- General business

Day 2
• Background to Information Security Management System (ISMS)
• ISO27001: Structure, Auditing Areas, Terms and Definitions
• Auditor Competence, Responsibilities and Characteristics
• Audit Evidence Triangle
• Types of Audit
• Audit Activities
• Creating an Audit Plan
• Creating an Audit Checklist
• Audit Questioning Techniques
• Conducting the opening Meeting
• Prepare, Approve and Distribute
• Conducting Audit follow-up Activities

Day 3
• Nonconformities and Writing Nonconformities
• Creating the Audit Report: Prepare, Approve and Distribute
• Conducting Audit follow-up Activities
• Case Study – Deep dive into Cloud technology (security & privacy) 
- Utilise Cloud risk map 
- Identify risks 
- Define scope 
• Develop an audit plan based on identified Cloud risks 
• Scenario based activity – Bring a fictional enterprise securely into the cloud  

Cancellation & Refund Policy
A written notification to or fax to
6774 2911 before course closing date.
No cancellation charges (Full refund)
A written notification on or after course closing date. No Refund
SkillsFuture Credit (if applicable):
- Participant to cancel their claim with WDA
- PaCE Collegereserves the rights to collect the full fee amount from the participant
Replacement Policy
Given a 3 days notice before course commencement, companies may replace participants who have signed up for the course. Terms and conditions apply.
There is no replacement for participant utilising SkillsFuture Credit. Participant to cancel their SkillsFuture Credit claim with WDA.
Terms and Conditions
• Course is subject to a minimum participation before commencement
• Course is subject to a first-come-first-serve basis in light of overwhelming responses
• PaCE Collegereserves the right to change or cancel any course or trainer, in light of unforeseen circumstances
• All details are correct at time of dissemination
Privacy Clauses
At PaCE College, participants’ personal information is collected, used and disclosed for the following purposes:
  1. To process your application.
  2. For course administration and billing.
  3. To enable the trainers to know the background of the course participants.
  4. To submit to governmental authorities for funding verification, administration and survey conducted by them (only applicable to funded courses).
  5. To submit to NTU Alumni Affairs Office, NTUC and other relevant organisations for course discount verification (if applicable).
  6. To issue certificate to the course participants.
  7. For marketing of courses to participants via E-newsletter.
  8. To understand and study the profile of its course participants for NTU’s policy making and planning.
  9. To deal with any matter related to the course.

Available Course Sessions

Course Date, Time Reg. Closes On
1 03 Apr' 19 to 05 Apr' 19, 9.00am to 5.00pm 31 Mar' 19 Register Now

Trainer Profile

Ho, Kenneth

Mr. Kenneth Ho is a seasoned consultant with extensive knowledge in information risk management, information security and information system audit. He is a certified ISO 27001 Lead Auditor, CRISC, CISSP, CCSK and CISA.

He has 20 years of experience in security assessment, design, implementation and management consultancy in the above domains, and has worked in a number of industries, including the health, airline, electronics, manufacturing, finance and telecommunication.

His professional expertise ranges from Information Security and Compliance Officer to Security Consultant. His direct technology experience spans enterprise architecture, telecommunications networks, network management systems, business continuity, and security operations process.

Kenneth holds a Bachelor of Applied Science in Computer Technology Degree and a Postgraduate Certificate in Network Engineering from Nanyang Technological University.