An organization is implementing the COSO Enterprise Risk Management (ERM) framework to govern its migration to the cloud. Which of the following actions best aligns with the 'Governance and Culture' component of COSO ERM in this context?

Answer options:

Implementing multi-factor authentication for all cloud access

Establishing a cloud steering committee to oversee cloud strategy and risk appetite

Performing daily backups of cloud data

Monitoring cloud service performance metrics

How to approach this question

Map the specific action to the 5 COSO ERM components. Governance relates to structure, oversight, and tone at the top.

Full Answer

B.Establishing a cloud steering committee to oversee cloud strategy and risk appetite✓ Correct

Establishing a cloud steering committee to oversee cloud strategy and risk appetite

Establishing a steering committee establishes the oversight structure, which is a core element of the Governance and Culture component of the COSO ERM framework.

Common mistakes

Selecting specific control activities (like MFA or backups) instead of governance structures.

Question 03 All questions Question 05

Practice the full CPA ISC Practice Exam 4

82 questions · hints · full answers · grading

More questions from this exam

Q01A CPA is advising a client who is migrating their legacy on-premise ERP system to a cloud environ...Hard Q02An auditor is reviewing the Service Level Agreement (SLA) for a client using a public cloud provi...Hard Q03A company uses an Infrastructure as a Service (IaaS) model. During an IT audit, the auditor disco...Hard Q05During a walkthrough of an order-to-cash process, the auditor observes that the sales manager can...Hard Q06An auditor is reviewing the backup strategy for a financial transaction system with a Recovery Po...Hard

View all 82 questions →