Abstract - In the light of the rapidly changing and benefits brought by cloud computing, the study is to find the critical factors that may hinder the benefits of cloud adoption, with respective measures proposed. It was found that control self-assessment (CSA) can enhance the IS security and improve business value delivery. A research model between CSA, cloud security (CS) and cloud-related business performance (CBP) are proposed, tested by distributing surveys to collect raw data, and afterward analyzed by Partial Least Square (PLS). The results can contribute to cloud adoption with practical measures suggestions. Keywords - Cloud-related business performance, cloud security, control self-assessment, IS security. I. INTRODUCTION As a fast-growing emerging computing paradigm since 2006, cloud computing has changed the way of IT management and has brought various benefits such as cost-saving, dynamic scalability, enriched efficiency and optimized IT resource utilizations [1] [2]. But its increasing popularity has also led to risk and security concern [3]. With the confidential data and business- critical applications in the cloud, the daily operation can be ruined if the cloud systems and applications go down and there are no contingency plans. Yet, a widely acknowledged solution is not available [4] [5] [6] Companies’ passion on cloud adoption for competition advantages and customers demand has brought the exponential growth of cloud market [7]. It would be useful to find the key factors, as well as effective, efficient and all-rounded measures for Information security (InfoSec) protection. II. AIM AND OBJECTIVE The control self-assessment (CSA), as an IS audit technique, would be studied to see if it can enhance the security level of cloud projects and the cloud-related business performance (CBP), with the related security problems also addressed. The results can help optimizing cloud security policy, enhancing cloud security (CS), ensuring proper data and information usage and storage, and ensuring the cloud to work properly. This paper focus on the CSA implementation, key factors of CS, CBP, and their inter-relationship, excluding external audit on cloud, detailed cloud infrastructure and the services selection. III. RESEARCH QUESTIONS By answering the following questions, we may better understand, thus manage cloud adoption for better business. 1) What are the critical factors that hinder the company from maximizing the benefits of cloud adoption? 2) Would there be any measures that could deal with the obstacles of cloud adoption in the long term? 3) Would there be any measures that could increase the business value delivered to the company by cloud adoption? IV. LITERATURE REVIEW A. Cloud Computing Among different possible definition [8], in 2011, National Institute of Standards and Technology (NIST) defined cloud computing as follows [9], "… a model for enabling ubiquitous, convenient, on- demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction." Widely acknowledged in recent researches [10] [11], NIST definition will be adopted. B. The Impact of Cloud Adoption on Business Performance The term "Cloud-related Business Performance" is not commonly seen. However, the impacts of cloud implementation on business performance are often discussed. The suggested advantages includes reduction of initial and maintenance costs of ICT capital supports on peak-load capacity increment as well as centralization of infrastructures in areas with lower costs [12], improvement of competitiveness and flexibility of scaling up or down the amount of required resources [12] [13] However, there are also some potential risks of using cloud services, such as loss of direct control of resources and software, increased liability risk due to security breaches and data leaks as a result of using shared external resources, and decreased reliability since the service providers may go out of business, causing business continuity and data recovery issues [13]. An Investigation on the Relationship Between Control Self-Assessment, Cloud Security, and Cloud-Related Business Performance - Using Partial Least Squares Cheuk Hang Au 1 , Walter S. L. Fung 2 , Aaron Tses 3 1 Department of Decision Sciences and Managerial Economics, The Chinese University of Hong Kong, Hong Kong 2 Department of Computing, The Hong Kong Polytechnic University, Hong Kong 3 Department of Marketing, The Chinese University of Hong Kong, Hong Kong allen.au@link.cuhk.edu.hk 1879 978-1-5090-3665-3/16/$31.00 ©2016 IEEE