COSO, Service Management, and Effective IT Controls

We have discussed how the original COSO internal control framework originated during the days of centralized mainframe computer systems, with many key financial systems based on batch processing and paper report output. We almost forget that the Internet, as a powerful business tool, was just in its infancy then, and early cell phones were about the size and weight of a brick but had few functions except for making and receiving voice calls. The revised COSO internal controls framework has tried to correct this IT materials deficit, but it remains a framework that primarily describes effective financial reporting internal controls and still does not fully recognize today’s IT controls and their importance to the COSO internal controls framework.

This chapter emphasizes the importance of IT general controls, the control procedures that go beyond individual applications and cover overall enterprise IT processes. In addition, the chapter outlines some key IT service management concepts that are elements of Information Technology Infrastructure Library (ITIL) best practices. This is not an IT technical discussion; the chapter’s objective is to bring these IT internal control objectives to the attention of today’s enterprise business executive who is striving to adopt COSO internal controls.


Enterprise IT processes today cover many areas, ranging from an IT application to control ...
