Skip Ribbon Commands
Skip to main content
The Institute of Internal Auditors North AmericaBreadcrumb SeparatorNewsBreadcrumb SeparatorPress ReleasesBreadcrumb SeparatorManaging Risks of Cloud Computing the Focus of COSO’s Latest Thought Leadership

Managing Risks of Cloud Computing the Focus of COSO’s Latest Thought Leadership

ALTAMONTE SPRINGS, Fla. (June 20, 2012) – In response to the growing number of organizations utilizing cloud computing as a viable alternative for meeting their technology needs, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) has published a new thought paper titled Enterprise Risk Management for Cloud Computing.

As with any new technology, cloud computing entails commensurate risks. The thought paper provides guidance on following the principles of the COSO Enterprise Risk Management (ERM) – Integrated Framework to assess and mitigate the risks arising from cloud computing.

“The advent of cloud computing is causing executives to revisit how they would like their enterprises to be supported by technology,” said Warren Chan, co-author of the paper and a principal at Crowe Horwath LLP, a public accounting and consulting firm. “Applying COSO’s ERM framework to the business processes being supported by cloud solutions will provide management with a complete view of the associated risks, benefits and risk response options.”

Enterprise Risk Management for Cloud Computing is the latest in a series of COSO papers providing organizations and ERM practitioners guidance on effective risk management.

“The potential benefits cloud computing can bring an organization are numerous, but they are just part of this unfolding story,” said COSO Chairman David Landsittel. “This publication builds on COSO’s existing ERM guidance by helping executives incorporate risk management into their cloud strategy, and assisting board members in their oversight role in this emerging area.”

Enterprise Risk Management for Cloud Computing can be downloaded for free from COSO’s website ( as well as the websites of COSO’s five sponsoring organizations. COSO encourages practitioners and others interested in monitoring cloud computing as a part of their organization’s enterprise risk management to visit the COSO website to learn more and download other thought papers on ERM.


About COSO

Founded in 1985, COSO is a joint initiative of five private sector organizations and is dedicated to providing thought frameworks, guidance, and thought leadership for ERM, internal control, and fraud deterrence. COSO comprises The Institute of Internal Auditors (IIA), the American Accounting Association (AAA), the American Institute of Certified Public Accountants (AICPA), Financial Executives International (FEI), and the Institute of Management Accountants (IMA).

About Crowe Horwath

Crowe Horwath LLP ( is one of the largest public accounting and consulting firms in the United States. Under its core purpose of “Building Value with Values®,” Crowe assists public and private company clients in reaching their goals through audit, tax, advisory, risk and performance services. With offices coast to coast and 2,500 personnel, Crowe is recognized by many organizations as one of the country's best places to work. Crowe serves clients worldwide as an independent member of Crowe Horwath International, one of the largest networks in the world. The network consists of 150 independent accounting and management consulting firms with offices in more than 580 cities around the world.​​