In this paper we discuss the evolvement of cloud computing paradigm and present a framework for secure cloud computing through IT auditing. Our approach is to establish a general framework using checklists by following data flow and its lifecycle. The checklists are made based on the cloud deployment models and cloud services models. The contribution of the paper is to understand the implication of cloud computing and what is meant secure cloud computing via IT auditing rather than propose a new methodology and new technology to secure cloud computing. Our holistic approach has strategic value to those who are using or consider using cloud computing because it addresses concerns such as security, privacy and regulations and compliance.