Chapter 5. Internal Controls Concepts Knowledge
This chapter introduces the concepts of Corporate Governance, with particular attention to their implications in an Information Technology (IT) environment and their impact on Information Systems (IS) auditors. Criteria of Control (COCO), the Committee of Sponsoring Organizations (COSO), the King Report, the Sarbanes-Oxley Act of 2002, and other recent legislative developments are examined, together with how controls are structured to achieve compliance with these frameworks. Control classifications are examined in detail, including both general and application controls. Particular attention is paid to Control Objectives for Information and Related Technology (COBIT), from both a structural and a relevance perspective.
Internal Controls
Confusion commonly arises as to what exactly a control is. A control may be defined as any action taken by management to increase the likelihood that established objectives and goals will be achieved. Controls result from management's planning, organizing, and directing, and the many variants (management control, internal control, and so on) can all be incorporated within this generic term.
Management controls are intended to ensure that an organization is working toward its stated objectives:
Corporate objectives and goals are the statement of corporate intent (market penetration will increase by 10% in the coming year).
Management objectives define how the corporate objectives will be met (market penetration will be increased leveraging the ...
Source: Auditor's Guide to Information Systems Auditing (O'Reilly learning platform).