COBIT Framework: Control Objectives For Internal Control Systems


• Three of the most important frameworks to help companies develop good internal control systems include: the COBIT framework, the COSO internal control framework, and COSO’s Enterprise Risk Management framework (ERM).
• The COBIT Framework is formally known as Control Objectives for Information and Related Technology.
o Developed by the Information Systems Audit and Control Foundation (ISACF) as a basis for IT control.
o Combines systems security and control standards from 36 different sources into a single framework and is having a big impact on the IS profession. This allows management to benchmark the security and control practices of IT environments, users to be assured that adequate IT security and control exist, and auditors …

o However, it fails to look at the purposes and risks of business processes and provides little context for evaluating the results. This makes it hard to know which control systems are most important, whether they adequately deal with risk, and whether important controls are missing. In addition, it does not adequately address information technology issues.
o COSO’s internal control model has five crucial components:
♣ Control environment: which are the individual attributes (integrity, ethical values, competence, etc.) of the people in the organization and the environment in which they operate.
♣ Control activities: which are control policies and procedures that help ensure that the organization addresses risks and effectively achieves its objectives.
♣ Risk assessment: which is the process of identifying, analyzing, and managing organizational risk.
♣ Information and communication: which is the system that captures and exchanges the information needed to conduct, manage, and control organizational …

• COSO’s Enterprise Risk Management Integrated framework (ERM)
o Developed by the Committee of Sponsoring Organizations (COSO), a private-sector group consisting of the American Accounting Association (AAA), the American Institute of Certified Public Accountants (AICPA), the Institute of Internal Auditors (IIA), the Institute of Management Accountants (IMA), and the Financial Executives Institute (FEI).
o In 2001, COSO began investigating how to effectively identify, assess, and manage risk so organizations could improve the risk management
