Top 10 Do’s and Don’ts for Cloud MSP Audit

Cloud

Top 10 Do’s for Cloud MSP Audit

  1. Understand the requirements from MSP Audit clearly before committing date for actual audit
    • Eligibility Requirement
    • Audit Process Requirement for final Audit
    • Most importantly understand what areas you are strong and week
  2. Program Managing the entire Audit process is very Important. So ensure to have good experienced Program Manager who can coordinate with
    • 3rd Auditor
    • Internal Teams and leadership teams
    • Cloud Service provider Audit Teams
    • Ability to run complex program which is expected to complete in shorter duration
  3. Need to ensure entire team representing or facing Audit is motivated and stay positive
  4. Clarify the requirements as you progress during various stage of audit. Do not attempt to skip any section or process or assume anything
  5. Ensure your collocated teams understand the necessity of audit and contribute
  6. Run several mock audits to ensure
    • More clarity to team facing the audit
    • Articulation becomes easier
    • Coordination becomes easier
    • Verify and Justify through various internal auditors to get the artifacts and articulation validated
  7. Have Master copies of Artifacts in separate Project Repository and link the url’s to individual documents
  8. Connect with Auditor before the actual audit date to understand his requirements from this audit
  9. Better to have Mock Audit to ensure your current level and what is expected to be completed before final audit
  10. Read the audit requirement document multiple times as most of the answer and the requirement is clearly mentioned and it takes multiple reads and mock audits to get the right requirement for each audit control items

Top 10 Don’ts for Cloud MSP Audit

  1. Facing audit without Proper documentation, Review and without maintaining each project artifacts in separate repository
  2. Showcasing Artifacts and client cloud environments without client and respective stakeholder’s Approval
  3. Any Audit Control item need to be coordinated by one person and passing of control to various team members will end up in auditor losing the focus
  4. unless and otherwise approved by auditor don’t change the order of audit control items and jump to various control items for internal team availability and comfort
  5. At any time only team members, Program manager required for the specific audit control item need to be present in the audit area
  6. Do not argue with the auditor for any control item which gets failed during the audit as the auditor does come with summary at the end of the audit and will discuss on the same
  7. Do not share your project artifacts to other team members unless it is approved during audit
  8. If the team is not ready and confident, Don’t go for final audit without mock audit
  9. Dont wait for the auditor to give nod for each item. It is the responsibility of program manager to drive the show and each audit control tower Coordinator to drive and get concurrence with auditor. Failing auditor will not have confidence in our presentation
  10. Don’t go with the personal mind set from auditor as each auditor is different. Person who audited in mock audit will ask for different answers in main audit. So please understand the audit control items several times get it clarified before the audit and have backup artifacts covering all requirements of the control items as auditor gives option to present second or third project artifacts if not satisfied in first project artifacts and answers.
ABOUT THE AUTHOR

MADHAN RAMAKRISHNAN PMP ,PMI ACP

Director -Devops Practice/Program, Newt Global