COBIT and the IT Governance Institute
ENTERPRISE PROFESSIONALS AND CERTAINLY SENIOR MANAGERS require the use of a set of standards or a framework to govern their IT governance practices and general internal control procedures. Adherence to such a framework allows senior managers as well as enterprise professionals in their area of expertise to be recognized as specialists in their field of operations. The Committee of Sponsoring Organizations (COSO) internal control framework, as introduced and discussed in Chapter 4, has become an important IT governance tool for evaluating and improving IT governance processes for a wide span of systems and IT processes as well as the internal accounting controls rules under the Sarbanes-Oxley Act (SOx) introduced in Chapter 2. However, some senior managers and their information technology (IT) professionals, in particular, have expressed concerns with using the COSO internal control framework in today’s IT-oriented world. The concern had been that the published COSO internal control guidance just does not give enough emphasis on IT tools and processes. For example, the original, 1992-published COSO internal control guidance materials (see Chapter 4) primarily look at IT application internal controls at a very high level, even though there is much more of a need for additional IT-specific internal control guidance in today’s world.
A more IT-oriented internal control assessment and guidance framework, called COBIT (Control Objectives ...