Cloud adoption brings unexpected costs, KPMG survey says


Companies moving IT systems to the cloud are encountering higher costs and more implementation problems than they expected, KPMG International reports in a new survey scheduled to be released on Tuesday.

About one-third of the more than 650 business and IT leaders in the global survey experienced higher-than-anticipated expenses adopting cloud-computing services, while a similar number reported significant implementation challenges.

Rick Wright, leader of KPMG’s Global Cloud Enablement Program, said companies need to focus on more than just technology issues when developing their cloud adoption strategies. Companies should examine their business processes and redesign them as needed to secure a smoother transition to the cloud.
“Simply put, executives have found that simultaneous process redesign is central to addressing the complexities that often arise in the implementation and operational phases of cloud adoption,” Wright, a partner with KPMG LLP, said in a news release.

Moving to the cloud is not about short-term cost savings, said Erik Asgeirsson, president and CEO of CPA2Biz, the AICPA’s technology subsidiary. “It’s about positioning your business for new fields of growth,” he said. “Down the line, there certainly are cost advantages, but some investment is required upfront, particularly to work through change management issues.”

Executives in the KPMG survey cited lower, long-term IT costs as their top reason for moving to the cloud. Among the other benefits sought were more efficient operations, more flexible operating models, and faster speed to market, Wright said.

To maximize the long-term benefits of cloud computing, companies should develop a cloud strategy that ensures alignment with core business objectives and minimizes the risk of implementation problems, KPMG said. The firm pointed to security issues as an area where a more strategic approach is needed. More than one-quarter of the companies in the survey reported extensive security-related challenges.

To lower the risk of such problems, company executives and IT leaders should work together to craft a plan that anticipates potential security concerns and implements corrective action to close security holes, KPMG says. Because many cloud providers have strong and sophisticated security measures in place, companies moving to the cloud should be able to enjoy enhanced protection in a cloud environment.

“When thoughtfully implemented, many providers could actually offer robust and resilient security measures and controls that could enhance overall security in the cloud,” said Greg Bell, a U.S. principal and services leader at KPMG LLP.

To find cloud service providers with thoroughly vetted technology and processes, organizations should see if the provider has undergone a Service Organization Control (SOC) audit, especially a SOC 2, type 2 audit, which measures the performance and controls of a vendor’s cloud systems over an extended period of time.

“Due diligence of cloud vendors is a key part of the adoption process, and you want to be sure the cloud providers you rely on have gone through a comprehensive IT audit such as a SOC 2 engagement,” Asgeirsson said.

The survey participants represented organizations in 16 major global markets. More than half of the organizations are operating in the cloud, KPMG said.

Jeff Drew ( ) is a JofA senior editor.


Post-busy season checklist

Now that tax season is over, pause for some introspection to guarantee that next year’s busy season is even better. Bonus: “Dirty dozen” scams list to share with your clients. Sponsored by Thomson Reuters, Bloomberg BNA, Bloomberg BNA // Software and Wolters Kluwer.


News quiz: Risks are top of mind in finance

Americans are worried about risks to their financial security. Accountants also see risks to their organizations and their careers. See how much you know about recent news and reports with this quiz.


Auditing risks in culture

Cultural flaws can seriously damage an organization. Here’s how internal auditors can reduce risks by embedding culture audits into existing audit programs.