This article will help you to understand some similarities and differences between two frameworks: COSO and COBIT. Some basic knowledge about these two networks is required especially for E-Commerce. COSO and COBIT are comparable frameworks, COSO’s approach is more broad-based, fewer complexes, without so much technical issues and COBIT is more comprehensive, process-orientated, risk, control needs, and it relates more to technical issues. COBIT covers quality and security requirements such as effectiveness, efficiency, integrity, availability, compliance, confidentiality and reliability of information. These are the foundations for the control objectives of COBIT.
As recognized by the COSO agenda, the process of internal control comprises of five components. These make up for a highly competent framework for investigating and evaluating the system of internal control that is put to use in a business. These components are stated below:
– “Control Environment, this deals with setting the character of a business and influencing the control awareness of its staff and it includes the honor, moral values, operating methods of the management, system for assigning authority and the necessary procedures for organizing and developing the staff in a business association.
– Risk assessment, which includes the detection and examination of the risks that are most likely to pose a threat to attaining desired objectives.
– Control Activities, these are the rules and regulations which assist in guaranteeing that the orders of the management are satisfactorily carried out.
– Information and communication which are responsible for all news related to the operation and finances etc of a business that helps in its smooth running
– Monitoring of internal controls which points out any shortage in its quality making sure it is remedied so the system can be improved “(Bushman, 2007).
The domains of COBIT are:
– Planning and organizing
– Acquisition and implementation
– Mange IT investment
– Delivery and support
– Monitoring and evaluation.
COBIT focuses on IT components, which are process orientated. Moreover, the COBIT contains the system of development, operation, delivery, and implementation. COBIT helps strengthens assessment, understanding and exercise of appropriate internal controls. COBIT also, provides a good framework for risk management and improves communication among management, users and auditors regarding IT governance. Accordingly, COSO focuses on monitoring and evaluation, which is also one of the COBIT’s domains. Therefore, COSO and COBIT build together a strong assessment of IT based systems and processes.
For example, the company is implementing a new system. Therefore, the business can take an advantage of COBIT and COSO. In this case, COBIT will be very helpful to span the system on technology based processes. CABIT would also help in configuration of two different systems (new with an existing accounting system). COSO would help to evaluate the financial part and risk. Moreover, the COSO also will review all accounting related aspects and the COBIT will help in technological integration and it also will help with delivery and support of the implementation.
The combination of COSO and COBIT will be very beneficial for AFM Corporation. All analysis and documentation of processes could be scoped by the COSO framework and all technological issues could be reviewed in details by the COBIT framework. COBIT would also help with the complexity of software system. On the other hand, the COSO will support control activities and the COBIT will help in detailed monitoring and evaluating.