The Committee of Sponsoring Organizations of the Treadway Committee issued guidance on enterprise risk management for cloud computing on Wednesday to help organizations using COSO’s ERM framework improve cloud governance.
NS Document It provides a roadmap for implementing cloud computing and describes different roles and responsibilities. This guide contains a structure for using the COSOERM framework when considering the changing risks of cloud computing. The project was commissioned by COSO and co-authored by Mike Grob, Principal of Crowe Consulting Services, and Victoria Cheng, Managing Director.
COSO is a voluntary private sector organization founded in 1985, co-sponsored by the American Institute of Certified Public Accountants, the American Institute of Certified Public Accountants, the Financial Executives International, the Management Accountants Association, and the Institute of Internal Auditors. .. Its ERM and internal control frameworks are widely used by many organizations, and the document released Wednesday aims to help businesses better handle the risks associated with cloud computing. ..
“The speed at which cloud computing can be procured and implemented is one of its many valuable features,” COSO Chairman Paul Sobel said in a statement. “However, some organizations may not have the ability to implement appropriate controls designed to mitigate the risks of a cloud environment. They address the associated risks and are integrated into the ERM program. A structured adoption of cloud computing, including a cloud computing governance program, enables organizations to maximize value and enable them to achieve their strategic goals. “
COSO President Paul Sobel speaking at IIA conference
COSO’s ERM framework allows you to integrate cloud computing with your organization’s ERM capabilities. This document describes how to apply the COSOERM framework to cloud computing governance by evaluating each component with 20 principles.
“Successful ERM goes beyond internal control to address governance, culture, strategy, and performance,” Grob said in a statement. “Effective cloud computing and cloud enterprise risk management are integrated within the organization to support the organization’s strategy and objectives, harmonize with culture and add value.”
The guidance points out that organizations that have not yet created a cloud governance program can do so at any time and keep updating as changes occur. Including cloud governance in an enterprise’s cloud computing process enables organizations to address risks that threaten their strategies and goals.
“Strengthening cloud governance is even more important in today’s multi-cloud environments because it reduces organizational risk and enables more efficient and effective use of cloud computing and monitoring,” Chen said in a statement. Stated. “The cloud computing governance approach provides a complete picture of cloud computing across the organization.”
COSO provides guidance on enterprise risk management in cloud computing
Source link COSO provides guidance on enterprise risk management in cloud computing