COSOCOSO (continued)COSO ObjectivesEffective Internal Control SystemCOSO vs. COBITCOSO vs. COBIT (continued)Slide 7Management RecommendationsManagement Recommendations (COSO)Management Recommendations (COBIT)COSO“Committee of Sponsoring Organizations”Formed in 1985 to sponsor the National Commission on Fraudulent Financial ReportingEffective, efficient and ethical business operations on a global basisCOSO (continued)Jointly sponsored by 5 organizationsAAA (American Accounting Association)AICPA (American Institute of CPA’s)FEI (Federal Executives International)IIA (Institute of Internal Auditors)IMA (Institute of Management Accountants)COSO ObjectivesEfficient and effective operationsAccurate financial reportingCompliance with laws and regulationsEffective Internal Control SystemThe control environmentRisk assessmentControl activitiesInformation and communicationMonitoring activitiesCOSO vs. COBITOrigin:COBIT is created by the Information Systems Audit and Control Association (ISACA), an international professional association. Originally released in 1996.COSO is a US private sector initiative. Originally related in 1985. Objectives:COSO is the official framework for controls over financial reporting, but COSO does NOT provide controls for Information Technology COBIT is specifically focused on IT controls COBIT is directly based on COSO but COBIT DOES provide controls for Information TechnologyCOSOCOBITCOSO vs. COBIT (continued)Audit Reliance:IT audits and reviews can rely on COBITFinancial audits can rely on COSOAudiences:COBIT is useful for IT management, users, and auditors COSO is useful for management at largeCOSO vs. COBIT (continued)Structure:COBIT – Four domains – plan and organize, acquire and implement, deliver and support and monitor and evaluateCOSO – Five components – control environment, risk assessment, control activities, information and communication, and monitoringManagement Recommendations COSO and COBIT should both be implemented COSO establishes internal controls framework for financials Complies with SOA COBIT establishes IT framework for control and securityLinks requirements, policies, and standardsManagement Recommendations (COSO) Provides for reasonable assurance in achieving objectives related to:Efficiency and effectiveness of operations Reliability in financial reporting Compliance with laws and regulationsAddresses application and general IT controls at high levelManagement Recommendations (COBIT) Provides for reasonable assurance in achieving IT objectives related to:Planning and organizing Acquiring and implementing Delivery and Support Monitoring and evaluation COBIT is COSO compliant focused on strong audit and control