As the hype of cloud computing continues to grow, The IQ Business Group advises companies to consider the compliance requirements before proceeding with a cloud migration or establishment.
Rory Cassells, risk specialist from The IQ Business Group, says that it is important for organisations to consider, understand and comply with the governance structures as outlined in the King III report, COBIT, ITIL and ISO27001.
“Without these governance codes in place, especially in the cloud environment, companies may find that their customers are hesitant to place their private data with the organisation."
Cassells highlights three cloud compliance platforms that are integral to any company’s cloud strategy: tax compliance, legal compliance and financial considerations. Tax compliance is an important element to the success of the cloud strategy, as companies operating on a cloud computing platform may find themselves dealing with vendors or customers based around the globe.
“It is essential to comply with the tax laws and regulations of the country that the company is based in, but at the same time the company needs to be aware of the tax laws in the vendor or customers’ country of origin.”
Practices that may be within the laws of one country may not necessarily be legal in another, creating possible tax issues, with further complications arising if a third party intermediary becomes involved in the service transaction. Cassells advises companies to thoroughly study the tax laws and regulations of all countries involved, avoiding any legal issues regarding tax irregularities.
He also raises the possible VAT complication when dealing with vendors and customers across the globe.
“On most occasions, the transaction will be zero rated, but companies must determine if there is a VAT treaty between the countries as this affects the VAT reconciliations and claims by or on the organisation. The last thing a company wants is for their customer to receive a tax bill that was not expected and budgeted for.”
Companies need to ensure that having data in other countries does not create a taxable presence. From a legal perspective, Cassells says that there is no world directive on the proper maintenance and management of data.
Laws differ from country to country, therefore it is vital that there is alignment to promote the optimal security of data while complying with legislation of the vendor’s country of residence.
Legal issues become further complicated when a country does not have an overarching law for data protection and security.
“As the storage of data becomes more complex and private, the more difficult it is to comply with legislation regarding retention in a field where the service offered is extremely standardised,” says Cassells.
He advises companies to consider legal compliance issues in the contract negotiation phase ensuring that an organisation is legally protected as well as the customers’ private data.
As companies move into the cloud, financial considerations include a change from a capital expenditure for IT hardware and software to operational expenses for services rendered. Cassells highlights that there will be a large initial expenditure converting to a cloud computing platform and change management processes and severance packages for redundant employees all need to be contemplated.
Three other financial implications that should be considered are exchange control implications for e-commerce transactions, as the change may affect transfer pricing in large multi-national organisations, switching IT from a capital expenditure on the balance sheet to an operating expenditure on the income statement, which will affect the organisation’s tax implications, and from a vendor's perspective consideration must be given to the recognition and timing of revenue, as this can be seen as tax avoidance if not recorded correctly.
“There is little doubt that cloud computing is no longer just a buzzword, but as organisations move to cloud computing they have to be cognisant of the many issues and legalities that are to be complied for success and adoption,” concludes Cassells.