Thought Leadership in ERM   |  Enterprise Risk Management for Cloud Computing  |    9






                   While adopting cloud computing could be a major change   The original COSO ERM framework was illustrated as a
                   for an organization, management can use a proven ERM   cube. In Exhibit 5.2, the framework is represented as a
                   framework to effectively assess and manage the related   pathway in which each ERM component (starting with
                   risks. The framework put forth in COSO’s Enterprise Risk   internal environment) is applied in order to understand
                   Management – Integrated Framework has established   the specific advantages and disadvantages that a given
                   a common language and foundation that can be used to   solution candidate would bring to the organization.
                   construct an effective cloud governance program tailored   When the process is completed for each cloud solution
                   specifically for a given cloud solution.          candidate, the ideal cloud solution will emerge along with
                                                                     its related requisites for establishing cloud governance.

                    Exhibit 5.2 Applying the COSO ERM Framework to Cloud Computing Options



































































                                                                                                        w w w . c o s o . o r g