Companies working to assess and mitigate the risks that result from cloud computing just got some much needed help.

The Committee of Sponsoring Organizations (COSO) published new guidance on the topic last month. The paper, “Enterprise Risk Management for Cloud Computing,” leverages the principles of COSO's “Enterprise Risk Management—Integrated Framework” document to help management and boards better understand the risks and opportunities presented by cloud computing.

“When you engage a third-party cloud service provider, you ultimately are inherently taking on some of their risk,” says Warren Chan, co-author of the paper and a principal at Crowe Horwath. What this publication provides ...