SOX, COSO, COBIT Timeline

Presentation transcript:

SOX, COSO, COBIT Timeline
- Committee of Sponsoring Organizations of the Treadway Commission (COSO) – 1985
- Control Objectives for Information and Related Technology (COBIT) – 1992
- Sarbanes-Oxley Act (SOX) – 2002

COSO
- Corporate financial scandals led to the Treadway Commission (National Commission on Fraudulent Financial Reporting)
- James Treadway – past commissioner of the SEC
- Five sponsoring accounting organizations:
  Financial Executives International (FEI)
  American Accounting Association (AAA)
  American Institute of Certified Public Accountants (AICPA)
  Institute of Internal Auditors (IIA)
  Institute of Management Accountants (IMA)

COSO Control Objectives
- Operations – Assuring that the company is operating effectively as a business and protecting the assets of the shareholders
- Financial reporting – Assuring that the financial statements of the company are produced in accordance with Generally Accepted Accounting Principles (GAAP)
- Compliance – Assuring that the company is in compliance with relevant laws and regulations, including SEC rules, health and safety laws, and tax laws

COSO Control Components
- Control environment (company culture)
- Risk assessment
- Control procedures (control practices including corporate policies, procedural guidelines for each type of risk, etc.)
- Information and communication
- Monitoring

COBIT
- Information Systems Audit & Control Association (ISACA) issued COBIT (Control Objectives for Information and Related Technology) in 1996
- Definitions of control closely paralleled COSO
- 34 IT processes
- Framework for IT governance and IT controls (i.e., governance and controls for IT processes)
- Focuses on information criteria (i.e., effectiveness, efficiency, confidentiality, integrity, availability, compliance, reliability)

COBIT Framework
COBIT definition of internal control: the policies, procedures, and organizational structures designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented or detected and corrected.
COBIT supports IT governance:
- IT is aligned with the business
- IT enables the business and maximizes benefits
- IT resources are used responsibly
- IT risks are managed appropriately

Benefits of COBIT
- Better alignment based upon a business focus
- An understandable view of IT for management
- Clear ownership and responsibilities
- General acceptability with third parties and regulators
- Shared understanding among all stakeholders based on a common language
- Fulfillment of the COSO requirements for the IT control environment

COBIT Processes
- High-level control objective
- Process descriptions describing process objectives
- Waterfall: process goals, metrics, practices
- Process maps to information criteria, IT resources, IT governance focus areas
- Detailed control objectives
- Management guidelines: RACI (Responsible, Accountable, Consulted and/or Informed)
- Maturity model (across industry)

COBIT Process Domains: IT Activities
- Plan and Organize (PO)
- Acquire and Implement (AI)
- Deliver and Support (DS)
- Monitor and Evaluate (ME)

IT Resources
- Applications
- Information
- Infrastructure
- People

Performance Measurement
- IT goals and metrics that define what the business expects from IT and how to measure it
- Process goals and metrics that define what the IT process must deliver to support IT's objectives and how to measure it
- Activity goals and metrics that establish what needs to happen inside the process to achieve the required performance and how to measure it

Other Frameworks
- ISO 2000
- Information Technology Infrastructure Library (ITIL) – a framework of best practices to achieve efficiencies in IT service management
  Global application
  Like COBIT, based on processes
  Best practices for service management

Components of ITIL
SERVICE DELIVERY
- Capacity management
- Availability management
- Financial management for IT services
- Service-level management
- IT service continuity management
SERVICE SUPPORT
- Incident management
- Problem management
- Configuration management
- Change management
- Release management
- Service desk function

COBIT and ITIL
- ITIL complements COBIT in the area of Delivery & Support
- Focuses on clearly defining service levels
- Helps more accurate infrastructure sizing
- Provides discipline in internal or external sourcing of IT services
- Efficiency through standardized processes