Richard Steinberg | Tags: openpages erm risk itg it-risk coso risk-management | 0 comments | 2,641 views
If you haven't already seen it, it's worth a look: the Committee of Sponsoring Organizations of the Treadway Commission (COSO) just published a thought paper dealing with risks related to cloud computing. It builds on COSO's enterprise risk management framework, speaking specifically to issues surrounding hosted services delivered over the internet. The paper is geared not to the techie, but rather to management-level personnel who need to understand not only the benefits, but also the associated risks. The paper briefly outlines the many benefits of cloud computing, including greater technology value at lower cost, faster speed of deployment, common technology platforms, reduced need for support personnel and related expenditures, and environmental benefits.
Naturally, most of the focus is on the risks. These include the strategic – with lower barriers of entry for new competitors and related challenge to current business models – and dependency on cloud service providers which in turn drives legal and related risks. Others include lack of transparency, reliability and performance issues, security and compliance concerns, and elevated risk of cyber attack or data leakage. The paper also deals with issues inherent in moving to the cloud, such as the extent to which management considers the impact on the company's organization and IT and other personnel resources, noting "In many cloud scenarios, the organization no longer has complete or direct control over technology and technology-related management processes. Management must determine if it has the risk appetite for the entire universe of potential events associated with a given cloud solution as some of these events extend beyond the organization's traditional borders and include some events that have an impact on the [cloud service provider(s)] supporting the organization."
The paper also discusses cloud issues in the context of COSO's ERM Framework's eight components, outlining how each can be addressed and used in evaluating cloud computing alternatives. It provides suggestions for dealing effectively with the more significant risks, and highlights key decisions to be made by senior management – as well as responsibilities of C-suite executives – and areas on which the board of directors needs to focus its attention. If your company is already in the cloud or considering going there, the paper is worth the read.
Erwin Boeren ERWIN.BOEREN@NL.IBM.COM | Tags: itg and 1068 governance with vision management compliance managing openpages it cloud grc risk ibm 2012 | 0 comments | 3,540 views
Managing IT Risk and Compliance with IBM OpenPages ITG (Track 1068)
At IBM Vision 2012, Tuesday May 15th, 1:15 – 2:15 pm I will be presenting Managing IT Risk and Compliance with IBM OpenPages IT Governance.
In this session I will take you through the results of the IBM CIO Study 2011 that was recently published and guide you through the IT Risk related subjects.
Do you want to understand how Big Data, Cloud, Regulatory Pressure, Business Continuity Management, Disaster Recovery, Identity and Access Management, Segregation of Duties, Automated Controls and Endpoint Controls will influence your GRC strategy?
This all comes together in IBM Smarter IT Governance, Risk and Compliance.
Hope to see you in Orlando next week!
Twitter : #Vision12
Blog post by Erwin Boeren
Senior Governance, Risk & Compliance specialist IBM
Twitter : http