COSO

- “Committee of Sponsoring Organizations”
- Formed in 1985 to sponsor the National Commission on Fraudulent Financial Reporting
- Effective, efficient and ethical business operations on a global basis

COSO (continued)

Jointly sponsored by 5 organizations:
- AAA (American Accounting Association)
- AICPA (American Institute of CPAs)
- FEI (Federal Executives International)
- IIA (Institute of Internal Auditors)
- IMA (Institute of Management Accountants)

COSO Objectives

- Efficient and effective operations
- Accurate financial reporting
- Compliance with laws and regulations

Effective Internal Control System

- The control environment
- Risk assessment
- Control activities
- Information and communication
- Monitoring activities

COSO vs. COBIT

Origin:
- COBIT is created by the Information Systems Audit and Control Association (ISACA), an international professional association. Originally released in 1996.
- COSO is a US private sector initiative. Originally released in 1985.

Objectives:
- COSO is the official framework for controls over financial reporting, but COSO does NOT provide controls for Information Technology
- COBIT is specifically focused on IT controls
- COBIT is directly based on COSO, but COBIT DOES provide controls for Information Technology

COSO vs. COBIT (continued)

Audit Reliance:
- IT audits and reviews can rely on COBIT
- Financial audits can rely on COSO

Audiences:
- COBIT is useful for IT management, users, and auditors
- COSO is useful for management at large

COSO vs. COBIT (continued)

Structure:
- COBIT – Four domains – plan and organize, acquire and implement, deliver and support, and monitor and evaluate
- COSO – Five components – control environment, risk assessment, control activities, information and communication, and monitoring

Management Recommendations

- COSO and COBIT should both be implemented
- COSO establishes internal controls framework for financials
  - Complies with SOA
- COBIT establishes IT framework for control and security
  - Links requirements, policies, and standards

Management Recommendations (COSO)

- Provides for reasonable assurance in achieving objectives related to:
  - Efficiency and effectiveness of operations
  - Reliability in financial reporting
  - Compliance with laws and regulations
- Addresses application and general IT controls at high level

Management Recommendations (COBIT)

- Provides for reasonable assurance in achieving IT objectives related to:
  - Planning and organizing
  - Acquiring and implementing
  - Delivery and support
  - Monitoring and evaluation
- COBIT is COSO compliant, focused on strong audit and control