COSO sheds light on managing cloud risks

Management should begin control-related activities before an organization contracts with a cloud-computing service provider (CSP), according to guidance provided in a new thought paper released Wednesday by the Committee of Sponsoring Organizations of the Treadway Commission (COSO).

The paper, Enterprise Risk Management for Cloud Computing, provides a thorough examination of how to follow COSO’s Enterprise Risk Management (ERM)—Integrated Framework to assess and manage the risks presented by cloud computing.