Abstract
This paper provides a comprehensive, forward-looking analysis of technology auditing within the financial services sector, specifically for multi-cloud infrastructures encompassing AWS, Azure, and Google Cloud Platform (GCP). It presents a detailed technical framework for modern audit practices, moving from traditional, reactive methodologies to a proactive, continuous assurance model. The framework details technical audit procedures for core cloud domains including Identity and Access Management (IAM), data protection, and network security, with a focus on provider-specific tooling and logging. It also provides a strategic roadmap for auditing emerging technologies such as Artificial Intelligence (AI), Distributed Ledger Technology (DLT), and Post-Quantum Cryptography (PQC). The paper argues that a modern audit function must embrace technologies like DevSecOps and compliance-as-code to embed security directly into the technology lifecycle. By adopting this framework, audit leaders can build a hybrid talent model, automate end-to-end audit processes, and position their function as a strategic partner in enhancing institutional resilience, ensuring compliance, and protecting long-term value in a dynamic technological landscape.
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.
Recommended Citation
Bharathan, Ramkumar, "Cloud Audits: A Technical Framework for Financial Institutions in a Multi-Cloud Era", Technical Disclosure Commons, (August 19, 2025)
https://www.tdcommons.org/dpubs_series/8478