APPENDIX Governance Frameworks

Given the proliferation of technology in a company, business professionals throughout an organization are interested in the governance and management of information technology (IT). For example, executive management and accounting professionals need to attest to the functioning of internal controls over financial reporting. Given the dependence on IT for recording, analyzing, and communicating financial information, these individuals need to understand the controls over IT. Every employee must be aware of and follow the internal controls for IT. Circumventing any controls can create system vulnerability and put the organization at risk. Therefore, every business employee should have a foundational understanding of the purpose and objectives of the governance frameworks to take responsibility for the efficient and mindful use of technology. This appendix presents several frameworks that business users, especially management, should understand.

COSO Internal Control Framework

The Committee of Sponsoring Organizations of the Treadway Committee (COSO) developed the original internal control framework in 1992 to guide organizations in creating internal control policies. In 2013, COSO revised the framework to reflect the changing business ecosystem, such as the greater dependence on technology. To be more flexible, the overall goal of the framework is to provide principles rather than strict rules. This flexibility allows judgment in designing and ...
