Kurumsal Risk Yönetimi ve Bulut Bilişim Sistemi

Bulut bilişim sistemi; bir işletmenin veya kuruluşun bilgi işlem kaynaklarını ve uygulamalarını herhangi bir konumdan, internet bağlantısı aracılığıyla temin etmesini sağlayan tedarik modelidir. Ayrıca, işletme organizasyonlarının; iş modeli yeteneklerini ve bilgi işlem kaynağı taleplerini potansiyel olarak artırmalarına ve geliştirmelerine olanak tanımaktadır. Bu çalışmanın amacı; bulut bilişim sistemini COSO’nun (Committee of Sponsoring Organizations of the Treadway Commission) kurumsal risk yönetimi ilkeleriyle bağdaştırarak, bulut bilişim sisteminin işletmeler üzerindeki risklerini ve etkisini özlü bir şekilde ortaya koymaktır. Sonuç olarak işletme yöneticilerinin kurumsal risk yönetimi odaklı bulut bilişim sistemi sorumlulukları belirtilerek; bulut bilişim sisteminin COSO kurumsal risk yönetimi çerçevesi paralelinde kullanıldığında işletmelere fayda sağlayacağı ve işletme yöneticilerinin bulut bilişim sistemini kullanarak, karşılaşabilecekleri riskleri daha detaylı ve kapsamlı değerlendirmelerine yardımcı olacağı öngörülmektedir

Anahtar Kelimeler:

Kurumsal Risk Yönetimi, Bulut Bilişim Sistemi., COSO

Enterprise Risk Management and Cloud Computing System

A Cloud computing system is a procurement model that enables a business or organization to procure computing resources and applications from any location, via an internet connection. In addition, it also allows business organizations to potentially increase and develop their business model capabilities and computing resource demands. The aim of this study is to concisely present the risks and impact of cloud computing systems on businesses by associating cloud computing systems with COSO's enterprise risk management principles. As a result, it is foreseen that the cloud computing system will benefit businesses when used in parallel with the COSO enterprise risk management framework, by specifying the enterprise risk management-focused cloud computing system responsibilities of business managers, and it will help business managers to evaluate the risks they may face in more detail and comprehensively by using the cloud computing system

Keywords:

Enterprise Risk Management, Cloud Computing System., COSO,

PDF

___

Ali, M. - Khan, S.U. - Vasilakos, A. V. (2015), “Security in Cloud Computing: Opportunities and Challenges’, Information Sciences, 305(3), pp. 357-383.
Armbrust, M. - Fox, A. - Griffith, R. - Joseph, A. D. - Katz, R. - Konwinski, A. - Lee, G. - Patterson, D. - Rabkin, A. - Stoica, I. - Zaharia, M. (2010), “A View of Cloud Computing”, ACM Communications, 53, pp. 50–58.
Carlyle, A. G. - Harrell, S. L. - Smith, P. M. (2010), “Cost-effective HPC: The Community or The Cloud?”, Cloud Computing technology and science, IEEE Second International Conference, pp. 169-176.
Chang, V. - Kuo, Y. H. - Ramachandran, M. (2016), “Cloud Computing Adoption Framework: A Security Framework for Business Clouds”, Future Generation Computer Systems, 57(1), pp. 24-41.
Christodorescu, M. - Sailer, R. - Schales, D. L. – Sgandurra, D. – Zamboni, D. (2009), “Cloud Security is not (just) Virtualization Security: A Short Chapter”, Proceedings of the 2009 ACM Workshop on Cloud Computing Security, pp. 97-102.
Coso, (2012), “Enterprise Risk Management for Cloud Computing”, Committee of Sponsoring Organizations of The Treadway Commission (COSO), New York.
Desender, K. A. (2007) “On The Determinants of Enterprise Risk Management Implementation”, SSRN Electronic Journal, pp. 1-26.
Feng, D. G. - Zhang, M. - Zhang, Y. (2011), “Study on Cloud Computing Security”, Journal of Software, 22(1), pp. 71-83.
Florio, C. - Leoni, G. (2017), “Enterprise Risk Management and Firm Performance: The Italian Case”, The British Accounting Review, 49(1), pp. 56-74.
Ghosh, A. (2013), “An Empirical Investigation into Enterprise Risk Management in India”, Working Paper Series, pp. 1-22.
Godson K. M. - Werner D. G. (2016), “Enterprise Risk Management: Factors Assocıated with Effective Implementation”, Risk Governance & Control: Financial Markets & Institutions, 6(4), pp. 1-32.
Grace, M. F. - Leverty J. T. - Phillips, R. D. - Shimpi, P. (2015), “The Value of Investing in Enterprise Risk Management”, The Journal of Risk and Insurence, 82(2), pp. 289-316.
Hoyt, R. E. – Liebenberg, A. P. (2011), “The Value of Enterprise Risk Management”, Journal of Risk and Insurance, 78(4), pp. 795-822.
Johnston, J. - Soileau, J. (2020), “Enterprise Risk Management and Accruals Estimation Error”, Journal of Contemporary Accounting & Economics, pp. 1-39.
Khan, A. - Yan, X. - Tao, S. - Anerousis, N. (2012), “Workload Characterization and Prediction in The Cloud: A Multiple Time Series Approach”, Network Operations and Management Symposium (NOMS), pp. 1287-1294.
Krutz, R. L. - Vines, R. D. (2010), Cloud Security: A Comprehensive Guide to Secure Cloud Computing, Indianapolis: Wiley Publishing.
Malik, M. - Zaman, M. - Buckby, S. (2020), “Enterprise Risk Management and Firm Performance: Role of the Risk Committee”, Journal of Contemporary Accounting and Economics, 16, pp. 1-20.
Mansour, N. (2016), “Adaptive Data Replication Strategy in Cloud Computing for Performance Improvement”, Frontiers of Computer Science, 10(5), pp. 925-935.
Marsh, M. “Kurumsal Risk Yönetimi: Risk Yönetiminde Daha Stratejik Yaklaşım Arayışları”, Http://www.Marsh.Com.Tr/Documents/Press_Release_ERM.Pdf, (23/04/2021).
Mell, P. - Grance, T. “The NIST Definition of Cloud Computing”, http://csrc.nist.gov/publications/PubsSPs.html#800-145, (13.08.2021).
Mulia, W. D. - Sehgal, N. - Sohoni, S. - Acken, J. M. - Stanberry, C. L. - Fritz, D. J. (2013), “Cloud Workload Characterization”, IETE Technical Review, 30(5), pp. 382-397.
Oscar, R. - Daniel, M. - Eduardo, F. M. (2015), “Empirical Evaluation of A Cloud Computing Information Security Governance Framework”, Information and Software Technology, 58(2), pp. 44-57.
Özyiğit, Hüseyin (2021), Bağımsız Denetim Odaklı Kurumsal Risk Yönetimi Sisteminin Oluşturulması: İşletmelere Yönelik Model Önerisi, Gazi Kitabevi, Ankara.
PwC, (2004), “7th Annual Global CEO Survey Managing Risk: An Assessment of CEO Preparedness”, New York.
Ramgovind, S. - Eloff, M. M., - Smith, E. (2010), “The Management of Security in Cloud Computing”, Information Security for South Africa (ISSA), Sandton, South Africa, pp. 1-7.
Rasheed, H. (2014), “Data and Infrastructure Security Auditing in Cloud Computing Environments”, International Journal of Information Management, 34(3), pp. 364-368.
Ryan, M. D. (2013), “Cloud Computing Security: The Scientific Challenge, and A Survey of Solutions”, The Journal of Systems and Software, 86(9), pp. 2263–2268.
Sılva, J. - Sılva, A. - Chan, B. (2019), “Enterprise Risk Management and Firm Value: Evidence from Brazil”, Emerging Markets Finance & Trade, 55, pp. 687-703.
Shi Y. - Meng X. - Zhao J. - Hu X. - Liu B. - Wang H. (2010), “Benchmarking Cloud-Based Data Management Systems”, In: Proceedings of the 2nd International CIKM Workshop on Cloud Data Management, pp. 1-8.
Baxter, R. - Bedard, J. - Hoitash, R. - Yezegel, A. (2013), “Enterprise Risk Management Program Quality: Determinants, Value Relevance, and The Financial Crisis”, Contemporary Accounting Research, 30(4), pp. 1264–1295.
Xiang, Y. - Martino, B. D. - Wang, G. L. (2015), “Cloud Computing: Security, Privacy and Practice”, Future Generation Computer Systems, 52(11), pp. 59-60.
Yao, Z. Q. - Xiong, J. B. - Ma, J. F. (2013), “Access Control Requirements for Structured Document in Cloud Computing”, International Journal of Grid and Utility Computing, 4(2), pp. 95-102.
Yavuz, Selahattin - Özyiğit, Hüseyin (2018), “Kurumsal Risk Yönetimi ve Firma Performansı: Bankacılık Sektörüne Yönelik Bir Araştırma”, 1. Uluslararası Bankacılık Kongresi, ss. 769-778.
Zhu, X.D. - Li, H. - Li, F.H. (2013), “Privacy-Preserving Logistic Regression Outsourcing in Cloud Computing”, International Journal of Grid and Utility Computing, 4(2), pp. 144-150.
https://www2.deloitte.com/global/en.html (14.08.2021).