(IJACSA) International Journal of Advanced Computer Science and Applications, Vol. 9, No. 12, 2018 467 | Page www.ijacsa.thesai.org Cloud Computing Auditing Roadmap and Process Mohammad Moghadasi, Dr. Seyed Majid Mousavi, Dr. Gábor Fazekas Department of Informatics, University of Debrecen, Hungary Abstract—Cloud Computing is a new form of IT system and infrastructure outsourcing as an alternative to traditional IT Outsourcing (ITO). Hence, migration to cloud computing is rapidly growing among organizations. Adopting this technology brings numerous positive aspects, although imposing different risks and concerns to organization. An organization which officially deputes its cloud computing services to outside (offshore or inshore) providers and implies that it outsources its functions and process of its IT to external BPO services providers. Therefore, customers of cloud must evaluate and manage the IT infrastructure construction and the organization’s IT control environment of BPO vendors [25]. Since cloud is an internet- based technology, cloud auditing would be very critical and challengeable in such an environment. This paper focuses on practices related to auditing processes, methods, techniques, standards and frameworks in cloud computing environments. Keywords—Cloud computing; cloud auditing; IT outsourcing I. INTRODUCTION Outsourcing IT operations is not a new concept. Recently, Cloud computing is a new concept in the outsourcing IT operations as an adopted paradigm for delivering IT services over the Internet by organizations. Maximum utilization of hardware and software by sharing resources through virtualization, elastically, flexibility and decreasing capital and operational expenditures (CAPEX and OPEX) has made popular this IT paradigm. Supporting thousands of business needs, Simplify and streamline enterprise collaboration, cost management, availability, and scalability are only a few of countless motivations for organizations to adopt cloud computing. This new technology also brings risks and concerns to organization. The number of IT outsource providers in cloud recently has increased and this increment has brought large number of risks to the scene. As well as the providers, IT outsourcing risks are considerably increased, these risks are applied and enforced all over the life cycle of cloud computing and its services, either an organization is already implemented cloud services and solutions within its environments or planning on becoming a cloud-based company or an affiliated organization [1]. This paper contributes to provide a comprehensive perspective in auditing processes, different approaches and frameworks, and key concepts in cloud computing environments. According to SOX section 302 [2], Chief Financial Officer (CFO) and Chief Executive Officer (CEO) support the credibility of their corporation and are responsible for the accuracy of financial reports of their company annually and quarterly. Even if these business reports and relevant data exist in different locations, units, teams, departments, business sites, data centers and or in different cities or countries [35]. Thus, for organizations, it is important that the IT operations in the cloud comply with applicable legislation and SLAs (Service Level Agreement). As cloud computing is a new orientation in IT and business processing outsourcing, organizations would make good use of this technology in their business procedures [26]. The importance of IT auditing and especially cloud computing auditing is an essential effort to ensure the proper functioning processes of an organization’s IT systems, management, operations and related processes, to avoid fraudulent, in order to have comprehensive and accurate financial view of their business. Internal auditing is a crucial component of any organizational processes; thus, being a strategic collaborator to an organization is not the only essential element but performing ordinary quality assurance is also crucial in cloud- based organizations. As well as enhancing the organizations’ productivity and efficacy in the improvement of their IT processes throughout these activities. [3,4 and 34]. Hence, this paper aims to provide a contribution to the understanding of different aspects in cloud auditing [33], its risks and benefits in cloud environments, in order to shed light on the cloud computing audit practices. In this paper, we address different cloud auditing practices related to processes, techniques, test steps, standards and frameworks with the purpose of answering the following questions: 1) How to maximize the value of the IT audit function? 2) What are specific components and key controls which might be necessary for cloud environment auditing? 3) How to determine appropriate cloud auditing process? 4) Which frameworks and standards are recommended to do a cloud audit? The present paper is structured according to the followings: The forthcoming section differentiates between IT outsourcing and cloud computing [25]. The implication and importance of cloud auditing are explained in section three. After that, in section four, cloud auditing approaches and techniques are discussed. Test steps and key controls come in section five. Sixth section points out cloud auditing standards and frameworks [25]. And at last as a final result of this paper a conclusion is presented in section eight. II. IT OUTSOURCING AND CLOUD COMPUTING A. IT Outsourcing Most of the times, impossibility of conducting all aspect of affairs, business process or being temporarily some processes justify hiring external required resources and professionals to perform operations in organization [5]. Utilization of external required resources to conduct a specific business processes, is