White Paper

What’s Next after SAS 70?
What User Entities Need to Know about Managing Outsourcing and Cloud Risks

A Habif, Arogeti & Wynne White Paper
by Dan Schroeder, CPA, MBA, CISA, CIA, CISM
dan.schroeder@hawcpa.com

There is a shocking abdication of responsibility going on in corporate America that is an outgrowth of the IT outsourcing boom.

Market research firms expect explosive growth in the cloud computing market in the next few years. One firm predicts annual global cloud computing growth of 26.2 percent between 2010 and 2015.1 Another firm projects worldwide cloud services revenue will reach $148.8 billion by 2014, and the worldwide software-as-a-service (“SaaS”) enterprise application market will reach $10.7 billion in 2011.

With this explosion in the array of technological solutions, businesses are outsourcing increasingly more critical functions, such as inventory management and financial transaction processing. In fact, more than a quarter (26 percent) of respondents to a recent InformationWeek survey described their SaaS applications as “mission critical.” The systems that deliver these “mission critical” services are typically highly complex and sophisticated, which creates a more complex and sophisticated risk environment than corporations have seen in the past.

One would imagine that these trends – increasing reliance on third parties to The systems that deliver these “mission critical” services are typically highly complex and sophisticated, which creates a more complex and sophisticated risk environment than corporations have seen in the past.
perform critical and complex functions – would cause executives to step back and take a fresh look at how to assess risks created by this new business model.

That would be a logical assumption. Unfortunately, it’s incorrect.