Mobile cloud computing is a concept that has been gaining popularity, resulting from the synergistic integration of cloud computing and mobile computing with the goal of minimizing some of the limitations inherent in mobile computing (bandwidth, storage, autonomy, etc.) and giving greater plasticity to the services of the cloud computing providers. This new paradigm of computation has similar limitations to those associated with the paradigms that are at its origin. Therefore, it is essential that the research carried out in this area is concerned about understanding its impact on audit processes, which aim to verify and evaluate the mechanisms of the internal control system implemented to minimize threats to integrity, confidentiality, and availability of the information assets (data and/or information) stored on these platforms. Based on a literature review, this chapter aims to list a set of challenges associated with the adoption of mobile cloud computing within the scope of organizational auditing.
TopIntroduction
The integration of cloud computing with mobile computing has given rise to a new paradigm in the use of information and communication technologies (ICT) and of mobile applications (apps). This new paradigm, mobile cloud computing, has facilitated ubiquitous access to a wide range of ICT resources, yet it does pose several challenges that need to be adequately addressed for the security of owners, of information assets in the cloud, and of app users.
In the coming years, this new concept may continue to grow, with all the risks associated with it, as in all projects involving the use of ICT in organizations (Hatefi & Fasanghari, 2016). According to Hatefi and Fasanghari (2016), most organizations seek to define their strategy and objectives, taking into account the potential risks posed by the adoption of new ICTs associated with the storage of informational assets in the cloud, considering that these risks have a strong impact in the daily routines of any organization.
The information and communication technology (ICT) industry is in the midst of a shift that takes place once every 20-25 years to a new technology platform for growth and innovation. International Data Corporation (IDC) calls it the 3rd Platform, built on mobile devices and apps, cloud services, mobile broadband networks, big data analytics, and social technologies. These paradigm shifts are intertwined and rapidly impacting organizations around the world. In fact, from 2013 through 2020, IDC believes that 90% of IT industry growth will be driven by 3rd Platform technologies that, today, represent just 22% of ICT spending (Crook & Hopkins, 2013, p. 2).
The growing adoption of this new computational paradigm, which has taken place in the various organizational areas, especially the administrative and financial area, particularly in the accounting sector, is due to several reasons, namely the reduction of costs associated with the ICT management and the large-scale consolidation and optimization of the use of hardware and software resources (Wyslocka & Jelonek, 2015). According to Chou (Chou, 2015), this paradigm is highly complex, taking into consideration the convergence of several technological dimensions that pose enormous challenges regarding the protection and security of the information assets and that make the auditors' task difficult.
The auditability of information assets, when stored and processed according to the new paradigm of mobile cloud computing, must be ensured, allowing auditors to perform a correct risk assessment so that they can then implement the mechanisms necessary to mitigate risks. In order to develop an adequate understanding of this new technology and to rigorously advise organizations on the most relevant risks and control mechanisms, the role of internal auditors is crucial (Elefterie & Badea, 2016).
The mobile cloud computing in the cloud, providing scalability, mobility and reduced maintenance costs, has had a very positive role in the development of various types of business, with more organizations adopting these technologies as an integral part of the infrastructure that supports their operational activities, with a significant impact on accounting information systems. Considering that these systems are responsible for the processing and storage of sensitive and confidential information assets, the adoption of those technologies requires a rigorous analysis regarding the security of information assets and the use of apps (Brandas, Megan, & Didraga, 2015; Duncan & Whittington, 2016).
The security analysis of the information assets and of the use of apps can benefit from the research that has been or will be done in the field of cloud computing and of mobile computing, focused on the practices of the audit process. This action is fully justified now, when the research is reaching good levels in this area and the environmental context presents risk levels which can be harmful to organizations (Duncan & Whittington, 2016). We should bear in mind that cloud computing and mobile computing provide rapid updating cycles with an increasing rate of adoption of critical apps, thus requiring these technologies to be highly reliable.