Technology


Management should begin processes to guard against fraud and to manage risk before an organization contracts with a cloud-computing service provider (CSP), according to guidance provided in a new thought paper released by the Committee of Sponsoring Organizations of the Treadway Commission (COSO).

The paper, Enterprise Risk Management for Cloud Computing, provides a thorough examination of how to follow COSO’s Enterprise Risk Management (ERM)—Integrated Framework to assess and manage the risks presented by cloud computing.

Written by Crowe Horwath LLP risk management principal Warren Chan and former Crowe risk management consultants Eugene Leung and Heidi Pili, the thought paper says control-related inquiries should be included in a request for proposal or in the due-diligence process when choosing a CSP vendor.

In addition, the paper says, management should attempt to include a right-to-audit clause in the contract with each CSP an organization uses. The paper suggests that preferably before a CSP is chosen, management should conduct interviews to determine how the CSP would address certain risks and events.

Management could have its internal auditors evaluate the CSP’s internal control environment, the paper says. And management could require the CSP to provide independent audit reports such as those defined by the AICPA with respect to the Statement on Standards for Attestation Engagements No. 16 (SSAE 16) and the Service Organization Control 2 reports including areas of security, availability, processing integrity, confidentiality, or privacy.

Where appropriate, management must implement additional controls so that the format used by the CSP meets all of the organization’s requirements, the paper says.

COSO Chairman David Landsittel said in a statement that the paper will assist corporate board members with their oversight role. He said the paper also will help executives manage risk in their cloud strategy.

“The potential benefits cloud computing can bring an organization are numerous, but they are just part of this unfolding story,” Landsittel said.

The thought paper is available at tinyurl.com/7ca8pww.

SPONSORED REPORT

How to make the most of a negotiation

Negotiators are made, not born. In this sponsored report, we cover strategies and tactics to help you head into 2017 ready to take on business deals, salary discussions and more.

VIDEO

Will the Affordable Care Act be repealed?

The results of the 2016 presidential election are likely to have a big impact on federal tax policy in the coming years. Eddie Adkins, CPA, a partner in the Washington National Tax Office at Grant Thornton, discusses what parts of the ACA might survive the repeal of most of the law.

QUIZ

News quiz: Scam email plagues tax professionals—again

Even as the IRS reported on success in reducing tax return identity theft in the 2016 season, the Service also warned tax professionals about yet another email phishing scam. See how much you know about recent news with this short quiz.