Cloud adoption brings unexpected costs, KPMG survey says


Companies moving IT systems to the cloud are encountering higher costs and more implementation problems than they expected, KPMG International reports in a new survey scheduled to be released on Tuesday.

About one-third of the more than 650 business and IT leaders in the global survey experienced higher-than-anticipated expenses adopting cloud-computing services, while a similar number reported significant implementation challenges.

Rick Wright, leader of KPMG’s Global Cloud Enablement Program, said companies need to focus on more than just technology issues when developing their cloud adoption strategies. Companies should examine their business processes and redesign them as needed to secure a smoother transition to the cloud.
“Simply put, executives have found that simultaneous process redesign is central to addressing the complexities that often arise in the implementation and operational phases of cloud adoption,” Wright, a partner with KPMG LLP, said in a news release.

Moving to the cloud is not about short-term cost savings, said Erik Asgeirsson, president and CEO of CPA2Biz, the AICPA’s technology subsidiary. “It’s about positioning your business for new fields of growth,” he said. “Down the line, there certainly are cost advantages, but some investment is required upfront, particularly to work through change management issues.”

Executives in the KPMG survey cited lower, long-term IT costs as their top reason for moving to the cloud. Among the other benefits sought were more efficient operations, more flexible operating models, and faster speed to market, Wright said.

To maximize the long-term benefits of cloud computing, companies should develop a cloud strategy that ensures alignment with core business objectives and minimizes the risk of implementation problems, KPMG said. The firm pointed to security issues as an area where a more strategic approach is needed. More than one-quarter of the companies in the survey reported extensive security-related challenges.

To lower the risk of such problems, company executives and IT leaders should work together to craft a plan that anticipates potential security concerns and implements corrective action to close security holes, KPMG says. Because many cloud providers have strong and sophisticated security measures in place, companies moving to the cloud should be able to enjoy enhanced protection in a cloud environment.

“When thoughtfully implemented, many providers could actually offer robust and resilient security measures and controls that could enhance overall security in the cloud,” said Greg Bell, a U.S. principal and services leader at KPMG LLP.

To find cloud service providers with thoroughly vetted technology and processes, organizations should see if the provider has undergone a Service Organization Control (SOC) audit, especially a SOC 2, type 2 audit, which measures the performance and controls of a vendor’s cloud systems over an extended period of time.

“Due diligence of cloud vendors is a key part of the adoption process, and you want to be sure the cloud providers you rely on have gone through a comprehensive IT audit such as a SOC 2 engagement,” Asgeirsson said.

The survey participants represented organizations in 16 major global markets. More than half of the organizations are operating in the cloud, KPMG said.

Jeff Drew ( ) is a JofA senior editor.


Year-end tax planning and what’s new for 2016

Practitioners need to consider several tax planning opportunities to review with their clients before the end of the year. This report offers strategies for individuals and businesses, as well as recent federal tax law changes affecting this year’s tax returns.


News quiz: Retirement planning, tax practice, and fraud risk

Recent reports focused on a survey that gauges the worries about retirement among CPA financial planners’ clients, a suit that affects tax practitioners, and a guide that offers advice on fraud risk. See how much you know with this short quiz.


Bolster your data defenses

As you weather the dog days of summer, it’s a good time to make sure your cybersecurity structure can stand up to the heat of external and internal threats. Here are six steps to help shore up your systems.