This article will help you understand some similarities and differences between two frameworks: COSO and COBIT. Some basic knowledge of these two frameworks is required, especially for e-commerce. COSO and COBIT are comparable frameworks: COSO’s approach is broader and less complex and involves fewer technical problems, while COBIT is more comprehensive, is oriented to processes, risks, and control needs, and is more closely related to technical problems. COBIT covers quality and security requirements such as effectiveness, efficiency, integrity, availability, compliance, confidentiality, and reliability of information. These are the foundations of COBIT’s control objectives.

As recognized in the COSO agenda, the internal control process consists of five components. These constitute a highly competent framework for investigating and evaluating the internal control system used in a company. These components are listed below:

– “Control Environment, it is about establishing the character of a company and influencing the control consciousness of its personnel and includes honor, moral values, the operational methods of the management, the system of assigning authority and the procedures needed to organize and develop staff in a business association.

– Risk assessment, which includes the detection and examination of the risks that are most likely to pose a threat to the achievement of the desired objectives.

– Control Activities are the rules and regulations that help ensure that management orders are satisfactorily fulfilled.

– Information and communication, which are responsible for all news related to operation and finance, etc. of a business that helps in its proper functioning.

– Monitoring of internal controls that points out any deficiencies in their quality, making sure that they are corrected so that the system can improve” (Bushman, 2007).

The COBIT domains are:

– Planning and organizing

– Acquisition and implementation

– Eat the investment in IT

– Delivery and support

– Monitoring and evaluation.

COBIT focuses on IT components, which are process-oriented. In addition, COBIT contains the development, operation, delivery and implementation system. COBIT helps strengthen the assessment, understanding, and exercise of appropriate internal controls. COBIT also provides a good framework for risk management and improves communication between management, users, and auditors regarding IT governance. Consequently, COSO focuses on monitoring and evaluation, which is also one of the COBIT domains. Thus, COSO and COBIT together build a robust assessment of IT-based systems and processes.

For example, suppose a company is implementing a new system. The company can take advantage of both COBIT and COSO. In this case, COBIT will be very helpful in expanding the system into technology-based processes. COBIT would also help in setting up two different systems (the new system alongside an existing accounting system). COSO would help to evaluate the financial part and the risk. In addition, COSO will review all accounting-related aspects, and COBIT will assist with technology integration and with delivery and implementation support.

The combination of COSO and COBIT will be very beneficial for AFM Corporation. All process analysis and documentation could be within the scope of the COSO framework and all technology issues could be reviewed in detail using the COBIT framework. COBIT would also help with the complexity of the software system. On the other hand, COSO will support control activities and COBIT will help in detailed monitoring and evaluation.
