COSO Framework Components Flashcards
S2 M1
serves as the foundation for a company’s risk appetite, helping a company understand the level at which it wants to outsource technology functions
internal environment
management should understand how outsourcing tech functions will help it reach, or potentially hinder, its objectives
objective setting
management must understand how adopting a CSP could make event identification more complex, or easier
event identification
management should understand the risks of its cloud strategy, including the impact to its risk profile, inherent & residual risk, & the likelihood of the impact of all risks
risk assessment
management should determine whether its risk response will be to avoid risk, reduce its likelihood, share the risk by transferring a portion of it to another entity, or accept the risk
risk response
the organization should understand how traditional controls (detective, preventative, automated, & manual) & entity-level controls are modified in a cloud environment
control activities
management should understand how operating in the cloud will affect the timeliness, availability, & dissemination of info & communication
information & communication
management should modify its monitoring mechanisms to accommodate new complexities introduced by adopting a cloud solution
monitoring