20 | Enterprise Risk Management for Cloud Computing | Thought Leadership in ERM
8. Conclusion
It has been proclaimed in some circles that cloud computing has as much potential to bring about change to organizations as the Internet did during the last decade of the 20th century. In time, cloud computing will establish its mark in the historical timeline of the evolution of technology.

The adoption and acceptance of cloud computing is congruent with the popularity and acceptance of other trends of the past decade (e.g., social networking sites and virtual retailing), for which the people and facilities cannot be seen but are greatly trusted to facilitate communications, store information, and transact business. A few decades ago, mainframe computers were locked up in a showcase center, and senior management took great pride during office tours to show off the elaborate physical security measures, the sheer size of the data centers, and the amount of equipment being used. The executives from that era felt confident that all of their organizations’ information assets were stored in well-guarded facilities that could be easily verified. Today, with most of the available cloud solutions, the successors of this past generation of executives have a much cheaper technology option available in which they can neither tour the facilities (in many cases) nor have knowledge of the exact location of their organization’s information assets.

Some of the unique aspects of cloud computing can pose new challenges to ERM programs. The apparent simplicity of adopting cloud computing belies how complex its management can become when risks materialize. It would be naïve to think that cloud computing will allow an organization to avoid adverse events – criminal activity, human error, and unforeseen accidents and disruptions – that can befall any type of organization. An effective cloud governance program is highly dependent on an accurate understanding of the risks combined with well-contemplated risk mitigation or acceptance strategies. By leveraging the COSO ERM framework, management will have an effective and consistent approach in identifying the universe of specific risks and risk responses that each cloud computing opportunity and decision entails.

Applying cloud computing solutions without the proper care, due diligence, and controls is bound to cause unforeseen problems. Used appropriately – with the necessary precautions and controls in place, as vetted by applying the COSO ERM framework – cloud computing could yield a multitude of benefits, some unheard of until now and some yet to be discovered. By being aware of the risks and other issues related to cloud computing, executives are more likely to achieve their organization’s objectives as they manage the risks in this dynamic and evolving environment that likely will become the most popular computing model of the future.
www.coso.org