PHOTO:Benjamin Suter | unsplash
Theres a new COSO preacher in town. Are they a threat or an enabler of a peaceful and safe community? Should we embrace them and listen to their advice?
COSO's "Enterprise Risk Management for Cloud Computing" is an interesting document. I am not a fan, but if you are in IT or responsible for addressing IT-related risk, you might find it of some interest.
It starts reasonably well: "Leveraging cloud computing in some industries may have been a strategic advantage at one point. What the pandemic brought to light was the need for more remote and flexible work environments and the IT infrastructure to support the organization in that effort. Utilizing cloud computing has become an essential element to compete in the marketplace.
"The speed at which cloud computing can be procured and implemented is one of its many valuable traits. However, facing the inertia of accelerated access to cloud based capabilities, some organizations may not have had the capacity to implement appropriate controls designed to mitigate the risks in their cloud environments."
Lets acknowledge, though, that cloud computing is not new. It has been with us for many years.
I am (just) old enough to remember some of the first database systems. I was a manager with a major public accounting firm, responsible for the technical IT audit approach, when I heard Tom Gilb address the British Computer Society.
Tom shared his experiences helping a major Swedish car company implement an integrated set of applications using one of the first database management systems from IBM on their newest and most powerful mainframes. He told us he was often asked about the differences in deploying database vs. traditional systems. His answer was: Its just another file structure.
In many ways, cloud is similarly a simple evolution rather than a gigantic leap. Many of the issues related to managing a traditional outsourced computing system continue in a cloud environment. There are a few more challenges, but not so many that IMHO justify a publication from COSO specifically on cloud computing.
COSO would have done better if they had simply shared their thoughts on integrating IT-related risk into enterprise risk and performance (or success) management. (Actually, they would have done better to read and build on my book, "Making Business Sense of Technology Risk").
They get this right: "An organizations management is responsible for managing the risk to the organization. Management must incorporate the board and key stakeholders into the ERM program so that risk management is integrated with the organizations strategy and business objectives. Effective ERM involves multiple departments and functions; it should be integrated into the strategy of the organization and embedded into its culture. Successful ERM goes beyond internal controls to address governance, culture, strategy, and performance. Effective cloud computing and cloud enterprise risk management is integrated within the organization to support the organizations strategy and objectives, align with the culture, and enhance value."
Related Article:Modernizing Legacy Tech: Big Bang or Piecemeal?
The rest of the document takes each of the five components of the COSO ERM Framework and explains how they relate to cloud computing, with suggestions on how each of the related principles might be addressed.
But, and it is a huge but, the authors start with "Governance and Culture." Now I agree that is an important topic, but you dont establish governance structures and processes before you understand the risks and related processes.
They are starting with the COSO model and plugging cloud into it, rather than understanding what risks (both positive and negative) flow from the use of cloud and only then determining what governance-related processes and structures are needed.
So, lets leave COSO behind and take a far simpler approach:
One concern with starting with a focus on cloud, as this COSO guidance does, is you might end up dedicating scarce resources to a source of minimal risk to the enterprise.
There is, as always, more to be said. The COSO document can be of value by considering all of its detailed suggestions as food for thought, but I cannot recommend adopting it as a framework.
I welcome your thoughts.
Norman Marks, CPA, CRMA is an evangelist for better run business, focusing on corporate governance, risk management, internal audit, enterprise performance, and the value of information. He is also a mentor to individuals and organizations around the world, the author of World-Class Risk Management and publishes regularly on his own blog.
Continue reading here:
Fitting IT-Related Risk Into Broader Business Objectives - CMSWire
- ISSCC 2024: Inside AMD's Zen 4cThe Area-Optimized Cloud Computing Core - News - All About Circuits - February 26th, 2024 [February 26th, 2024]
- Huawei Cloud: Infrastructure of Choice for AI with 10 Systematic Innovations Unveiled in MWC Barcelona 2024 - Morningstar - February 26th, 2024 [February 26th, 2024]
- Cybersecurity fears drive a return to on-premise infrastructure from cloud computing - Help Net Security - February 26th, 2024 [February 26th, 2024]
- Cybersecurity fears drive a return to on-premise infrastructure from cloud computing - HealthLeaders Media - February 26th, 2024 [February 26th, 2024]
- Huawei Cloud: Infrastructure of Choice for AI with 10 Systematic Innovations Unveiled in MWC Barcelona 2024 - PR Newswire - February 26th, 2024 [February 26th, 2024]
- South Korea Boosts Cloud Computing with $91.5 Million Investment to Propel AI and SaaS Innovation - BNN Breaking - February 26th, 2024 [February 26th, 2024]
- Science ministry to invest 121.9 bln won in cloud computing industry - Yonhap News Agency - February 26th, 2024 [February 26th, 2024]
- Why Microsoft is spending billions on AI and cloud computing in Europe - ITPro - February 26th, 2024 [February 26th, 2024]
- Universities Migrate Research Computing to the Cloud - EdTech Magazine: Focus on K-12 - February 26th, 2024 [February 26th, 2024]
- Top Cloud Computing Skills You Need to Know in 2024 - Simplilearn - February 26th, 2024 [February 26th, 2024]
- Best Cloud Tools of 2024: Unleash Maximum Productivity - Simplilearn - February 26th, 2024 [February 26th, 2024]
- Real-time Analytics News for the Week Ending February 24 - RTInsights - February 26th, 2024 [February 26th, 2024]
- Synadia Raises $25 Million Series B Funding to Meet Massive Demand for Multi-cloud and Edge Computing Driven by AI - PR Newswire - February 26th, 2024 [February 26th, 2024]
- CEO Outlook 2024: 20 Solution Providers On The Cloud Moment - CRN - February 26th, 2024 [February 26th, 2024]
- DigitalOcean beats expectations under the helm of new CEO Paddy Srinivasan - SiliconANGLE News - February 26th, 2024 [February 26th, 2024]
- Securing Kubernetes in a Cloud Native World - The New Stack - February 26th, 2024 [February 26th, 2024]
- How to Build a Chat Interface using Gradio & Vultr Cloud GPU SitePoint - SitePoint - February 26th, 2024 [February 26th, 2024]
- Microsoft to invest $2.1bn in cloud and AI infrastructure in Spain - DatacenterDynamics - February 26th, 2024 [February 26th, 2024]
- Stannah looks to enterprise cloud software to lift IT systems - ComputerWeekly.com - February 26th, 2024 [February 26th, 2024]
- AI vendor finds opportunity amid AI computing problem - TechTarget - February 26th, 2024 [February 26th, 2024]
- Nvidia Worth More Than Alphabet, Amazon - 24/7 Wall St. - February 26th, 2024 [February 26th, 2024]
- VIB spearheads banking innovation with deployment of Temenos Banking Platform on AWS cloud - VnExpress International - February 26th, 2024 [February 26th, 2024]
- Why These 7 Cloud Computing Stocks Should be on Your Radar in 2024 - InvestorPlace - December 25th, 2023 [December 25th, 2023]
- IBM to Buy Software AG's Cloud Computing and AI Assets for $2.3BN - Investopedia - December 25th, 2023 [December 25th, 2023]
- Pass the AWS Certified Cloud Practitioner Certification in One Week - Medium - December 25th, 2023 [December 25th, 2023]
- 3 Cloud Computing Stocks You'll Regret Not Buying Soon: December Edition - InvestorPlace - December 25th, 2023 [December 25th, 2023]
- Cloud Computing Market Predicted to Hit US$1,266.4 Billion by 2028 - TechiExpert.com - December 25th, 2023 [December 25th, 2023]
- AWS chief Adam Selipsky talks generative AI, Amazon's investment in Anthropic and cloud cost-cutting - Omaha World-Herald - December 25th, 2023 [December 25th, 2023]
- Mangata Networks and Microsoft Partner on AI-enabled Edge Cloud Connectivity - AiThority - December 25th, 2023 [December 25th, 2023]
- Democratization of Cloud vs AI: A Case Study - Medium - December 25th, 2023 [December 25th, 2023]
- 5 Drivers Behind the Growth of the GPU Cloud Computing Market - Visual Capitalist - December 25th, 2023 [December 25th, 2023]
- Report: AWS to reorganize sales teams amid slowing cloud revenue growth - SiliconANGLE News - December 25th, 2023 [December 25th, 2023]
- Don't underestimate vulnerabilities in the cloud. Adopt hybrid to stay protected - Best Enterprise Data Storage Software ... - Solutions Review - December 25th, 2023 [December 25th, 2023]
- Innovations, disruptions, transformations expected in 2024 Intelligent CIO Middle East - Intelligent CIO - December 25th, 2023 [December 25th, 2023]
- IBM makes $2B+ deal to add more AI, cloud computing solutions - WRAL TechWire - December 25th, 2023 [December 25th, 2023]
- How to Select the Right Industry Cloud for Your Business - How to Select the Right Industry Cloud for Your Business - InformationWeek - December 25th, 2023 [December 25th, 2023]
- Cloud Computing Market Set to Reach US$1,266.4 Billion by 2028 - Analytics Insight - December 25th, 2023 [December 25th, 2023]
- Cisco to Acquire Isovalent to Secure Cloud-Native Networking - Channel E2E - December 25th, 2023 [December 25th, 2023]
- Cloud-native applications: Unlocking the potential of scalability and agility - ETCIO - December 25th, 2023 [December 25th, 2023]
- Year-in-Review: 2023 Was a Turning Point for Microservices - The New Stack - December 25th, 2023 [December 25th, 2023]
- If AI is the future, radiology needs to look to the cloud - Health Imaging - December 25th, 2023 [December 25th, 2023]
- AI and Cloud: The Proving Ground for Regulatory Resilience in 2024 - Finextra - December 25th, 2023 [December 25th, 2023]
- Cognata Redefines Sensor Suite Selection Processes Through Digital Twin-based Sensor Simulation and Cloud ... - PR Newswire - December 25th, 2023 [December 25th, 2023]
- Microsoft and Amazon the focus of cloud computing probe - Proactive Investors USA - October 5th, 2023 [October 5th, 2023]
- Cloud cover benefits of being on the cloud - The Actuary - October 5th, 2023 [October 5th, 2023]
- AI, Cloud Computing among 36 FREE Online Courses Now ... - Philippine Information Agency - October 5th, 2023 [October 5th, 2023]
- Amazon Web Services isn't trying to win the A.I. race. It wants to own the road. - Slate - July 31st, 2023 [July 31st, 2023]
- The Machines Behind the FinOps Curtain: Operationalizing Your Strategy with AI - ITPro Today - July 31st, 2023 [July 31st, 2023]
- Strengthening security in a multi-SaaS cloud environment - TechCrunch - July 31st, 2023 [July 31st, 2023]
- Oracle Introduces First Cloud Native Secure Cloud Computing ... - PR Newswire - July 31st, 2023 [July 31st, 2023]
- The Power of Cloud Computing: How it's Transforming Database ... - Fagen wasanni - July 31st, 2023 [July 31st, 2023]
- From Headquarters to the Edge: The Future of Cloud in the Defense ... - MeriTalk - July 31st, 2023 [July 31st, 2023]
- 6 Cloud Computing Companies Navigating the Digital Storm in 2023 - GovCon Wire - July 31st, 2023 [July 31st, 2023]
- Government Cloud Computing Market Size, Status and Business ... - University City Review - July 31st, 2023 [July 31st, 2023]
- Cloud Computing in Education Market Forecast, 2023-2029: The ... - University City Review - July 31st, 2023 [July 31st, 2023]
- Global Cloud Computing IaaS In Life Science Market Size and ... - University City Review - July 31st, 2023 [July 31st, 2023]
- What is the Relationship Between IoT and Cloud Computing? - Analytics Insight - July 31st, 2023 [July 31st, 2023]
- How Data Center Interconnect Platforms are Shaping the Future of ... - Fagen wasanni - July 31st, 2023 [July 31st, 2023]
- Revolutionizing IoT: How 5G and Cloud Computing are ... - Fagen wasanni - July 31st, 2023 [July 31st, 2023]
- The Future of Cloud Computing: Database as a Service (DBaaS) in ... - Fagen wasanni - July 31st, 2023 [July 31st, 2023]
- Overcoming Data Privacy Challenges in the European Cloud ... - Fagen wasanni - July 31st, 2023 [July 31st, 2023]
- The Future of Telemedicine in India: How Cloud Computing is ... - Fagen wasanni - July 31st, 2023 [July 31st, 2023]
- Multi-Cloud and Hybrid Cloud: What is the Difference? - Analytics Insight - July 31st, 2023 [July 31st, 2023]
- A New Era of Data Management: The Growing Importance of Global ... - Fagen wasanni - July 31st, 2023 [July 31st, 2023]
- From niche to necessity: GFT's vision for cloud computing ... - Business Leader - July 31st, 2023 [July 31st, 2023]
- ERP, Cloud Computing And Digital Transformation - CIOReview - July 31st, 2023 [July 31st, 2023]
- UMD Smith Offers New January Start Date for MS in Information ... - Newswise - July 31st, 2023 [July 31st, 2023]
- The Impact of Global White-box Server Adoption on Cloud ... - Fagen wasanni - July 31st, 2023 [July 31st, 2023]
- Global Application Transformation: Unlocking the Potential of Cloud ... - Fagen wasanni - July 31st, 2023 [July 31st, 2023]
- BFSI Sector and Asia-Pacific Spearhead the Rapid Growth of Cloud ... - GlobeNewswire - July 31st, 2023 [July 31st, 2023]
- Amazon is investing another $7.8B in Ohio-based cloud computing operations, state leaders say - The Associated Press - June 28th, 2023 [June 28th, 2023]
- Google Cloud Platform: Everything you need to know about Google's suite of cloud computing services - Android Police - June 28th, 2023 [June 28th, 2023]
- Amazon is investing another $7.8B in Ohio-based cloud computing ... - Wilmington News Journal, OH - June 28th, 2023 [June 28th, 2023]
- 11 Key Executives in the Cloud Computing Industry in 2023 - Executive Gov - June 28th, 2023 [June 28th, 2023]
- 10 Multi-Cloud Myths Debunked: Exposing the Facts - TechFunnel - June 28th, 2023 [June 28th, 2023]
- How MTN and Microsoft will transform business operations with ... - TheCable - June 28th, 2023 [June 28th, 2023]
- The Power of Cloud Computing: Revolutionizing Business and IT ... - Tech Critter - June 28th, 2023 [June 28th, 2023]
- FTC Collecting Comments On Cloud Computing, CCIA Offers Input ... - Computer and Communications Industry Association - June 28th, 2023 [June 28th, 2023]
- How AI and Cloud Computing Are Revolutionizing the Insurance ... - Techopedia - June 28th, 2023 [June 28th, 2023]
- HPE Discover final analysis: Navigating the cloud computing ... - SiliconANGLE News - June 28th, 2023 [June 28th, 2023]