CHAPTER 6 COBIT and Other ISACA Guidance

The Committee of Sponsoring Organizations’ (COSO) internal control framework, introduced and discussed in Chapter 3, has become the standard mechanism for measuring and evaluating internal accounting controls under the Sarbanes-Oxley Act (SOx), which was introduced in Chapter 5. However, SOx does not mandate strict use of the COSO internal control framework; it only calls for using it to understand and evaluate internal controls. Prior to the release of the recently revised COSO framework, some professionals had expressed concerns about the original COSO internal control framework and had criticized it for not giving enough emphasis to information technology (IT) tools and processes.

An alternative, more IT-oriented internal control framework is Control Objectives for Information and related Technology (COBIT). This framework has been in place since well before SOx, and when SOx became law, many enterprises began to use COBIT as a preferred tool for complying with its Section 404 internal control procedures. The COBIT internal control framework provides guidance on evaluating and understanding internal controls, with an emphasis on enterprise IT resources and governance issues. COBIT is not a replacement for the COSO internal control framework but is a different way to look at COSO-mandated internal controls in today’s IT-centric world.

Although originally launched as a tool to help what ...
