Login

Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

Risks associated with cloud computing addressed by advisory group

Reprints
Enterprise Risk Management Risk Management More + Less -
Risks associated with cloud computing addressed by advisory group

The Committee of Sponsoring Organizations of the Treadway Commission has released a new thought paper providing guidance on applying the advisory group's Enterprise Risk Management Integrated Framework to risks associated with cloud computing.

Released Wednesday, “Enterprise Risk Management for Cloud Computing” notes that technology research and advisory firm Gartner Inc. has estimated that cloud computing will be a $140 billion industry by 2014. But as companies look to benefit from cloud computing's potential, they should be aware that “cloud computing entails commensurate risks,” the paper states.

Written by accounting and consulting firm Crowe Horwath L.L.P., the paper suggests that cloud computing can pose significant changes in organizations' operating environments, but that applying Altamonte Springs, Fla.-based COSO's ERM framework can help with risk identification and mitigation strategies as cloud computing evolves.

Potential areas of risk

Among the potential areas of risk associated with cloud computing cited by the paper are business model disruption, risks arising from relationships with cloud service providers, lack of cloud service provider transparency, reliability and performance issues, risk of being locked in to a cloud vendor by proprietary tools, and security and compliance issues.

Other possible risk areas include cyber attacks, risk of data leakage, impact on the morale of internal information technology staff, and cloud service provider viability, according to the paper.

“It is not uncommon for organizations to adopt cloud computing solutions without applying a formal risk evaluation or expending any effort to adjust (the) ERM or governance program,” the paper says.

It suggests that a best practice is to establish cloud governance before an organization adopts a cloud solution. And, it says, organizations that have already adopted cloud computing without following ERM best practices would still benefit from performing a risk assessment and establishing a cloud governance structure.

The thought paper can be downloaded free from COSO's website at www.coso.org.

Read Next

Related Stories

Most Read in Risk Management

Sign up for Daily Briefing, the free email newsletter from Business Insurance.

About

Advertise

Reprints and Licensing

Resources

. Privacy PolicyTerms of Use

COPYRIGHT © 2024 BUSINESS INSURANCE HOLDINGS

Member, Beacon International Group, Ltd.