Bookstore Product Request for Proposal

Bookstore Product Priority

Definition of Deliverable: Cloud Computing
Manuscript length: approximately 40k-50k
Manuscript format: MS Word; 12 pt. Times Roman; double-spaced

Objective - Educate to create awareness of cloud computing, types and models, and associated risks and control approaches.

Other deliverables that the author(s) may be asked to participate in:
- Possible webinar outline
- Audit Channel TV “author/book spotlight” interview

Proposals Due: Submit proposals via e-mail to bookstore@theiia.org. At the end of this RFP are detailed proposal submission guidelines.

Content Guidelines:

Note: The IIARF understands that the proposals supporting this RFP may include all, some, or additional content.

- Define cloud computing and related terminology.
- Pros/cons of using cloud computing.
- Risks of cloud computing.
- How organizations and/or industries can use cloud computing.
- Types of deployment models (public/private/hybrid).
- Types of service models (SaaS, IaaS, PaaS, etc.).
- Coordination / communication.
- Key players and their roles in establishing and maintaining cloud computing (General Counsel, IT, Internal Audit, Service Provider).
- Responsibilities and monitoring duties of cloud computing.
- Contract considerations – right to audit; require annual SSAE 16 (SOC 2 Type 2); indemnification; data security etc.
- What to do in the cloud environment and how to monitor.
- Risk assessment.
- Impact on audit plan.
- Understanding/use of 3rd party attestations (e.g., SSAE 16 - SOC 1,2,3)
  o Supplementing SOCs.
- Nature of controls/processes.
- Staff training.
- Management / Audit Committee perspectives (maybe an additional whitepaper as a marketing tool).
- Continuous monitoring.
- Consider emerging regulatory considerations.
- What to audit.
- Data protection.
- Privacy considerations.

Possible resource: A GTAG on cloud computing from the IIA.
**In 2011, ISACA published a 190-page book, IT Control Objectives for Cloud Computing: Controls and Assurance in the Cloud.

Bookstore Product Proposal Submission Guidelines

The Institute of Internal Auditors Research Foundation has been the global leader in sponsoring, disseminating, and promoting research and knowledge resources to enhance the development and effectiveness of the internal audit profession. These guidelines have been established for submission of product proposals.

Proposals should not exceed five pages, exclusive of appendices described below, and should contain the following basic elements:

1. A one-paragraph abstract, summarizing the product outline, the resources needed and how internal auditors can utilize the product in their profession.
2. Project description including:
   a. Proposed title
   b. Project objectives
   c. Proposed table of contents
   d. State why the product is needed in the marketplace
   e. Describe the intended audience and typical user profile
   f. Identify what problems/issues this product addresses—in other words, “what’s the hook?”
   g. A statement of expected deliverables (manuscript, tools, checklists, etc.)
   h. Itemized timeline and budget, including budget rationale
   i. Review of competitors' works and how this product differs
   j. Identification of proposed author team members, including a brief description of their roles
   k. A review of author’s previous works if applicable (books, articles, etc.)
   l. Identify people who could possibly endorse the product
   m. Appendices:
      i. An appendix containing proposed interview questions/guidelines, and survey, if applicable.
      ii. Curriculum vitae (CV) or resume for each author (3 pages maximum)
      iii. Previous author affiliation with The IIA (previous research or educational products produced, volunteer participation, chapter officer, etc.)
Submit proposals via e-mail to: bookstore@theiia.org

For more information:
The IIA Research Foundation
247 Maitland Avenue
Altamonte Springs, FL 32701-4201
Tel: +1-407-937-1358
Fax: +1-407-937-1101

Last updated: 3/5/12