SOX, COSO, COBIT Timeline


1 SOX, COSO, COBIT Timeline
- Committee of Sponsoring Organizations of the Treadway Commission (COSO) – 1985
- Control Objectives for Information and Related Technology (COBIT) – 1992
- Sarbanes-Oxley Act (SOX) – 2002

2 COSO
- Corporate financial scandals led to the Treadway Commission (National Commission on Fraudulent Financial Reporting)
- James Treadway – past commissioner of the SEC
- Five sponsoring accounting organizations:
  - Financial Executives International (FEI)
  - American Accounting Association (AAA)
  - American Institute of Certified Public Accountants (AICPA)
  - Institute of Internal Auditors (IIA)
  - Institute of Management Accountants (IMA)

3 COSO Control Objectives
- Operations – assuring that the company is operating effectively as a business and protecting the assets of the shareholders
- Financial reporting – assuring that the financial statements of the company are produced in accordance with Generally Accepted Accounting Principles (GAAP)
- Compliance – assuring that the company is in compliance with relevant laws and regulations, including SEC rules, health and safety laws, and tax laws

4 COSO Control Components
- Control environment (company culture)
- Risk assessment
- Control procedures (control practices including corporate policies, procedural guidelines for each type of risk, etc.)
- Information and communication
- Monitoring

5 COBIT
- Information Systems Audit & Control Association (ISACA) issued COBIT (Control Objectives for Information and Related Technology) in 1996
- Definitions of control closely parallel COSO
- 34 IT processes
- Framework for IT governance and IT controls (i.e., governance and controls for IT processes)
- Focuses on information criteria (i.e., effectiveness, efficiency, confidentiality, integrity, availability, compliance, reliability)

6 COBIT Framework
COBIT definition of internal control: the policies, procedures, and organizational structures designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented or detected and corrected.
COBIT supports IT governance:
- IT is aligned with the business
- IT enables the business and maximizes benefits
- IT resources are used responsibly
- IT risks are managed appropriately

7 Benefits of COBIT
- Better alignment based upon a business focus
- An understandable view of IT for management
- Clear ownership and responsibilities
- General acceptability with third parties and regulators
- Shared understanding among all stakeholders based on a common language
- Fulfillment of the COSO requirements for the IT control environment

8 COBIT Processes
- High-level control objective
- Process descriptions describing process objectives
- Waterfall: process goals, metrics, practices
- Process maps to information criteria, IT resources, IT governance focus areas
- Detailed control objectives
- Management guidelines: RACI (Responsible, Accountable, Consulted and/or Informed)
- Maturity model (across industry)

9 COBIT Process Domains: IT Activities
- Plan and Organize (PO)
- Acquire and Implement (AI)
- Deliver and Support (DS)
- Monitor and Evaluate (ME)

10 IT Resources
- Applications
- Information
- Infrastructure
- People

11 Performance Measurement
- IT goals and metrics that define what the business expects from IT and how to measure it
- Process goals and metrics that define what the IT process must deliver to support IT's objectives and how to measure it
- Activity goals and metrics that establish what needs to happen inside the process to achieve the required performance and how to measure it

12 Other Frameworks
- ISO 2000
- Information Technology Infrastructure Library (ITIL) – a framework of best practices to achieve efficiencies in IT service management
  - Global application
  - Like COBIT, based on processes
  - Best practices for service management

13 Components of ITIL
SERVICE DELIVERY
- Capacity management
- Availability management
- Financial management for IT services
- Service-level management
- IT service continuity management
SERVICE SUPPORT
- Incident management
- Problem management
- Configuration management
- Change management
- Release management
- Service desk function

14 COBIT and ITIL
ITIL complements COBIT in the area of Delivery & Support. It focuses on:
- Clearly defining service levels
- Helping more accurate infrastructure sizing
- Providing discipline in internal or external sourcing of IT services
- Efficiency through standardized processes

