Uploaded bykafetubruk
PPTX, PDF5 views

The COSO Framework is a framework for designing, implementing and evaluating internal control for organizations, providing enterprise risk management.

The COSO Framework is a framework for designing, implementing and evaluating internal control for organizations, providing enterprise risk management.

Embed presentation

Download to read offline
COSO FRAMEWORK •The COSO Framework is a framework for designing, implementing and evaluating internal control for organizations, providing enterprise risk management. • Published for the Internal Control Integrated Framework (ICIF) • Framework was created in conjunction with five private sector organizations • COSO Framework is made up of two integrated frameworks with set of objectives. • Enterprise Risk Management(ERM) • Internal Control –Integrated framework-oldest framework 1992/Widely used Committee of Sponsoring Organization of the Treadway Commission
COSO Framework Objectives • Internal control objectives  Operations - Focus on the effectiveness and efficiency of your business operations such as performance goals and securing the organization’s assets against fraud.  Reporting - Focus on transparency, timeliness and reliability of the organization’s reporting habits for both internal and external financial reporting as well as non-financial reporting.  Compliance - Focus on adherence to laws and regulations that the organization must comply with. • ERM – has the following objectives  Strategic – High-level goals, aligned with and supporting its mission  Operations – Effective and efficient use of its resources  Reporting – Reliability of reporting  Compliance – compliance with applicable laws and Regulations
INTERNAL CONTROL- INTEGRATED FRAMEWORK • The new internal control framework(2013) has 5 components(Class of controls) 17 principles (Family of controls) and 87 attributes(Control requirements) 1. Control environment 2. Risk Assessment 3. Control Activities 4. Information and Communication 5. Monitoring Five components to an Internal control system.
Control Environment Risk Assessment Control Activities Information & Communication Monitoring Activities Principles of effective internal control 1.Demonstrates commitment to integrity and ethical values 2.Exercises oversight responsibility 3.Establishes structure, authority and responsibility 4.Demonstrates commitment to competence 5.Enforces accountability 6.Specifies suitable objectives 7.Identifies and analyzes risk 8.Assesses fraud risk 9.Identifies and analyzes significant change 10.Selects and develops control activities 11. Selects and develops general controls over technology 12.Deploys through policies and procedures 13.Uses relevant information 14.Communicates internally 15.Communicates externally 16.Conducts ongoing and/or separate evaluations 17.Evaluates and communicates deficiencies 5 principles, and 20 attributes 4 principles, and 27 attributes 3 principles, and 16 attributes 3 principles, and 14 attributes 2 principles, and 10 attributes https://www.coso.org/Pages/ic.aspx
Control Examples • Establish Responsibilities • Tasks should be clearly established, assigned to individuals in order to determine faults. • Process owner and reviewer must be different • SODs controls • Maintain Adequate Records • Detailed Records • Use of Chart of Accounts
SAMPLE MAPPING Control Environment 1. The organization demonstrates a commitment to integrity and ethical values. Component Principle Controls embedded in other components may effect this principle Human Resources review employees’ confirmations to assess whether standards of conduct are understood and adhered to by staff across the entity Control Environment Management obtains and reviews data and information underlying potential deviations captured in whistleblower hot- line to assess quality of information Information & Communication Internal Audit separately evaluates Control Environment, considering employee behaviors and whistleblower hotline results and reports thereon Monitoring Activities
Components of ERM COSO’s new ERM framework now includes five components or categories with 20 principles spread throughout each component. Those components are: 1. Governance and Culture 2. Strategy & Objective-Setting 3. Performance 4. Review and Revision 5. Information, Communication, and Reporting
COBIT FRAMEWORK •The COBIT Framework is a framework for created by the ISACA (Information Systems Audit and Control Association) for IT governance and management. •Designed to be a supportive tool for managers—and allows bridging the crucial gap between technical issues, business risks, and control requirements. •COBIT ensures quality, control, and reliability of information systems in an organization •COBIT framework is focused on SOX IT Process/General IT process. CONTROL OBJECTIVE FOR INFORMATION AND RELATED TECHNOLOGY
•Objectives - COBIT 2019 lays out ‘Governance Objectives’ and ‘Management Objectives’, with a total of 40 as part of its ‘Core Model’. Practitioners prioritize these objectives based on the needs of customers, stakeholders, users, and so on, allowing them to create comprehensive and bespoke IT strategies and frameworks •Domains - Every COBIT objective fits within a specific ‘Domain’. Management Objectives are contained within ‘Deliver, Service and Support (DSS)’, ‘Monitor, Evaluate and Assess (MEA)’, ‘Build Acquire and Implement (BAI)’, and ‘Align, Plan and Organize (APO)’. Governance Objectives are found under ‘Evaluate, Direct and Monitor (EDM)’ •Goals Cascade - This tool is used to demonstrate how drivers create needs, and subsequently create more clearly defined ‘goals’. In COBIT 2019, these are known as ‘Alignment Goals’, as opposed to the ‘IT Goals’ from COBIT 5 •Components - Formerly known as ‘Enablers’, Components are generic elements that influence IT. They include ‘Information Flows’, ‘Skills’, ‘Infrastructure’, ‘Processes’, ‘Policies and Procedures’, and ‘Organizational Structures’. COBIT 2019 also introduced ‘variants of generic’, with which Components can be examined and amended based on a ‘Focus Area’, such as a specific piece of legislation like the GDPR •Design Factors - These factors help define the needs of an organization and how they must be addressed in a framework. Contextual factors, such as corporate and threat landscapes, are beyond the organization’s control. Strategic factors reflect decisions by the organization, such as the direction of enterprise strategy and the prioritization of different IT elements. Tactical factors focus on implementation choices regarding technology (such as cloud data), methods (such as DevOps, ITIL 4, or Agile), and outsourcing models
CONTROL OBJECTIVE FOR INFORMATION AND RELATED TECHNOLOGY (COBIT) • The COBIT framework makes a clear distinction between governance and management. These two disciplines encompass different activities, require different organizational structures and serve different purposes. • Governance of Enterprise IT - Evaluate, Direct and Monitor (EDM) – 5 processes  Stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives.  Direction is set through prioritization and decision making.  Performance and compliance are monitored against agreed-on direction and objectives. • Management of Enterprise IT  Align, Plan and Organize (APO) – 13 processes  Build, Acquire and Implement (BAI) – 10 processes  Deliver, Service and Support (DSS) – 6 processes  Monitor, Evaluate and Assess (MEA) - 3 processes

More Related Content

PPTX
COBIT stands for (Control Objectives for Information and Related Technology
byMahmoudElmahdy23
 
PDF
Control and audit of information System (hendri eka saputra)
byHendri Eka Saputra
 
PPTX
COBIT 2019 - DIGITAL TRUST FRAMEWORK
byMaganathin Veeraragaloo
 
PPT
Accountability Corbit Overview 06262007
byHumberto Bruno Pontes Silva
 
PPT
Governance and Management of Enterprise IT with COBIT 5 Framework
byGoutama Bachtiar
 
PDF
cobit-2019 introduction overview for student
byssusercf2d3e
 
PPTX
COBIT
byAi Lun Wu
 
PPTX
information system and computers
by9535814851
 
COBIT stands for (Control Objectives for Information and Related Technology
byMahmoudElmahdy23
 
Control and audit of information System (hendri eka saputra)
byHendri Eka Saputra
 
COBIT 2019 - DIGITAL TRUST FRAMEWORK
byMaganathin Veeraragaloo
 
Accountability Corbit Overview 06262007
byHumberto Bruno Pontes Silva
 
Governance and Management of Enterprise IT with COBIT 5 Framework
byGoutama Bachtiar
 
cobit-2019 introduction overview for student
byssusercf2d3e
 
COBIT
byAi Lun Wu
 
information system and computers
by9535814851
 

Similar to The COSO Framework is a framework for designing, implementing and evaluating internal control for organizations, providing enterprise risk management.

PPTX
Introduction to COBIT 2019 and IT management
byChristian F. Nissen
 
PPTX
Introduction to COBIT 5 and IT management
byChristian F. Nissen
 
PPTX
Cobit 2019 framework by ISACA
byMDFazlaRabbiAbir
 
PPTX
AIS (Accounting Information System) - Chapter 10.pptx
bykafetubruk
 
PPT
D3a_Cobit_Presentation_use_in_class.pptenterprise information technology reso...
byPhaneendraSai3
 
PDF
COBIT 2019 Overview_v1.1.pdf
byMartinPatrici
 
PPT
Cobit5 and-grc
byTatto Sugiopranoto
 
PPTX
Chapter 1 Security Framework
byKarthikeyan Dhayalan
 
PDF
COBITlaminate_online_RD3 introduction overview
byssusercf2d3e
 
PDF
COBIT 2019 webinar Use Cases: Tailoring Governance of Your Enterprise IT
byMark Constable
 
PPTX
CoBIT 5 (A brief Description)
bySam Mandebvu
 
PPTX
COBIT
byERUMSULAYMAN1
 
PPTX
Donna Febriani
byDonna Febriani
 
PPTX
COBIT Approach to Maintain Healthy Cyber Security Status Using NIST - CSF
byaqel aqel
 
PPT
Use COBIT for IT SAVINGS
bySanjiv Arora
 
PPTX
Cobit 5 Business Framework -Governance and Management of Enterprise IT
byBalasubramanian.C PMP®,ITIL®,PRINCE2®,COBIT®5
 
PPT
Cobit5 compare-with-4.1
byAVASP - Ambiente Virtual de Aprendizado de São Paulo
 
PDF
Information assurance /Information security
byjorgenajarro3
 
PPT
Cobit5 introduction
byTatto Sugiopranoto
 
PPT
Cobit® 5 Comparação com Cobit® 4
bybrunise
 
Introduction to COBIT 2019 and IT management
byChristian F. Nissen
 
Introduction to COBIT 5 and IT management
byChristian F. Nissen
 
Cobit 2019 framework by ISACA
byMDFazlaRabbiAbir
 
AIS (Accounting Information System) - Chapter 10.pptx
bykafetubruk
 
D3a_Cobit_Presentation_use_in_class.pptenterprise information technology reso...
byPhaneendraSai3
 
COBIT 2019 Overview_v1.1.pdf
byMartinPatrici
 
Cobit5 and-grc
byTatto Sugiopranoto
 
Chapter 1 Security Framework
byKarthikeyan Dhayalan
 
COBITlaminate_online_RD3 introduction overview
byssusercf2d3e
 
COBIT 2019 webinar Use Cases: Tailoring Governance of Your Enterprise IT
byMark Constable
 
CoBIT 5 (A brief Description)
bySam Mandebvu
 
COBIT
byERUMSULAYMAN1
 
Donna Febriani
byDonna Febriani
 
COBIT Approach to Maintain Healthy Cyber Security Status Using NIST - CSF
byaqel aqel
 
Use COBIT for IT SAVINGS
bySanjiv Arora
 
Cobit 5 Business Framework -Governance and Management of Enterprise IT
byBalasubramanian.C PMP®,ITIL®,PRINCE2®,COBIT®5
 
Cobit5 compare-with-4.1
byAVASP - Ambiente Virtual de Aprendizado de São Paulo
 
Information assurance /Information security
byjorgenajarro3
 
Cobit5 introduction
byTatto Sugiopranoto
 
Cobit® 5 Comparação com Cobit® 4
bybrunise
 

Recently uploaded

PDF
TrustArc Webinar - Assessing AI Risk with Confidence
byTrustArc
 
PPTX
The Landscape of Computer Software Development Companies
byYash Singh
 
PDF
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
PPTX
Basics of Identity Access Management In mordern Infrastructure
byPrinceXavier18
 
PDF
Knowing and Doing: Knowledge graphs, AI, and work
bymarainglezakis1
 
PDF
The major tech developments for 2026 by Pluralsight, a research and training ...
byChris Skinner
 
PPTX
Ethics in AI - Artificial Intelligence Fundamentals.pptx
byemenyiblessing
 
PDF
Safeguarding AI-Based Financial Infrastructure
byYasir Naveed Riaz
 
PDF
API206-S: Transforming Supply Chains with Amazon Bedrock AgentCore - AWS re:I...
byChris Bingham
 
PDF
Guided Substation Engineering with CoMPAS: Simplifying IEC 61850
byDanBrown980551
 
PDF
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
PDF
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
PDF
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
PDF
Top Cybersecurity Threats 2025 Guide by Sureshdas
byPrintersassist
 
PDF
The year in review - MarvelClient in 2025
bypanagenda
 
PDF
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
PPTX
Ritesh_kumar_Aatmanirbhar Bharat: Make in India, Make for the World.pptx
byriteshrkgs2008
 
PDF
AI Technology important knowledge ......
byutkarshj2007
 
PDF
TPPmark2025 Kenta Inoue's answer 12/04/2025
byKenta Inoue
 
PDF
Ransomware_Resilience_Strategic_Playbook.pdf
byAfonso Henrique Rodrigues Alves
 
TrustArc Webinar - Assessing AI Risk with Confidence
byTrustArc
 
The Landscape of Computer Software Development Companies
byYash Singh
 
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
Basics of Identity Access Management In mordern Infrastructure
byPrinceXavier18
 
Knowing and Doing: Knowledge graphs, AI, and work
bymarainglezakis1
 
The major tech developments for 2026 by Pluralsight, a research and training ...
byChris Skinner
 
Ethics in AI - Artificial Intelligence Fundamentals.pptx
byemenyiblessing
 
Safeguarding AI-Based Financial Infrastructure
byYasir Naveed Riaz
 
API206-S: Transforming Supply Chains with Amazon Bedrock AgentCore - AWS re:I...
byChris Bingham
 
Guided Substation Engineering with CoMPAS: Simplifying IEC 61850
byDanBrown980551
 
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
Top Cybersecurity Threats 2025 Guide by Sureshdas
byPrintersassist
 
The year in review - MarvelClient in 2025
bypanagenda
 
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
Ritesh_kumar_Aatmanirbhar Bharat: Make in India, Make for the World.pptx
byriteshrkgs2008
 
AI Technology important knowledge ......
byutkarshj2007
 
TPPmark2025 Kenta Inoue's answer 12/04/2025
byKenta Inoue
 
Ransomware_Resilience_Strategic_Playbook.pdf
byAfonso Henrique Rodrigues Alves
 

The COSO Framework is a framework for designing, implementing and evaluating internal control for organizations, providing enterprise risk management.

  • 1.
    COSO FRAMEWORK •The COSO Frameworkis a framework for designing, implementing and evaluating internal control for organizations, providing enterprise risk management. • Published for the Internal Control Integrated Framework (ICIF) • Framework was created in conjunction with five private sector organizations • COSO Framework is made up of two integrated frameworks with set of objectives. • Enterprise Risk Management(ERM) • Internal Control –Integrated framework-oldest framework 1992/Widely used Committee of Sponsoring Organization of the Treadway Commission
  • 2.
    COSO Framework Objectives •Internal control objectives  Operations - Focus on the effectiveness and efficiency of your business operations such as performance goals and securing the organization’s assets against fraud.  Reporting - Focus on transparency, timeliness and reliability of the organization’s reporting habits for both internal and external financial reporting as well as non-financial reporting.  Compliance - Focus on adherence to laws and regulations that the organization must comply with. • ERM – has the following objectives  Strategic – High-level goals, aligned with and supporting its mission  Operations – Effective and efficient use of its resources  Reporting – Reliability of reporting  Compliance – compliance with applicable laws and Regulations
  • 3.
    INTERNAL CONTROL- INTEGRATED FRAMEWORK •The new internal control framework(2013) has 5 components(Class of controls) 17 principles (Family of controls) and 87 attributes(Control requirements) 1. Control environment 2. Risk Assessment 3. Control Activities 4. Information and Communication 5. Monitoring Five components to an Internal control system.
  • 4.
    Control Environment Risk Assessment ControlActivities Information & Communication Monitoring Activities Principles of effective internal control 1.Demonstrates commitment to integrity and ethical values 2.Exercises oversight responsibility 3.Establishes structure, authority and responsibility 4.Demonstrates commitment to competence 5.Enforces accountability 6.Specifies suitable objectives 7.Identifies and analyzes risk 8.Assesses fraud risk 9.Identifies and analyzes significant change 10.Selects and develops control activities 11. Selects and develops general controls over technology 12.Deploys through policies and procedures 13.Uses relevant information 14.Communicates internally 15.Communicates externally 16.Conducts ongoing and/or separate evaluations 17.Evaluates and communicates deficiencies 5 principles, and 20 attributes 4 principles, and 27 attributes 3 principles, and 16 attributes 3 principles, and 14 attributes 2 principles, and 10 attributes https://www.coso.org/Pages/ic.aspx
  • 5.
    Control Examples • EstablishResponsibilities • Tasks should be clearly established, assigned to individuals in order to determine faults. • Process owner and reviewer must be different • SODs controls • Maintain Adequate Records • Detailed Records • Use of Chart of Accounts
  • 6.
    SAMPLE MAPPING Control Environment 1.The organization demonstrates a commitment to integrity and ethical values. Component Principle Controls embedded in other components may effect this principle Human Resources review employees’ confirmations to assess whether standards of conduct are understood and adhered to by staff across the entity Control Environment Management obtains and reviews data and information underlying potential deviations captured in whistleblower hot- line to assess quality of information Information & Communication Internal Audit separately evaluates Control Environment, considering employee behaviors and whistleblower hotline results and reports thereon Monitoring Activities
  • 7.
    Components of ERM COSO’snew ERM framework now includes five components or categories with 20 principles spread throughout each component. Those components are: 1. Governance and Culture 2. Strategy & Objective-Setting 3. Performance 4. Review and Revision 5. Information, Communication, and Reporting
  • 8.
    COBIT FRAMEWORK •The COBIT Frameworkis a framework for created by the ISACA (Information Systems Audit and Control Association) for IT governance and management. •Designed to be a supportive tool for managers—and allows bridging the crucial gap between technical issues, business risks, and control requirements. •COBIT ensures quality, control, and reliability of information systems in an organization •COBIT framework is focused on SOX IT Process/General IT process. CONTROL OBJECTIVE FOR INFORMATION AND RELATED TECHNOLOGY
  • 9.
    •Objectives - COBIT2019 lays out ‘Governance Objectives’ and ‘Management Objectives’, with a total of 40 as part of its ‘Core Model’. Practitioners prioritize these objectives based on the needs of customers, stakeholders, users, and so on, allowing them to create comprehensive and bespoke IT strategies and frameworks •Domains - Every COBIT objective fits within a specific ‘Domain’. Management Objectives are contained within ‘Deliver, Service and Support (DSS)’, ‘Monitor, Evaluate and Assess (MEA)’, ‘Build Acquire and Implement (BAI)’, and ‘Align, Plan and Organize (APO)’. Governance Objectives are found under ‘Evaluate, Direct and Monitor (EDM)’ •Goals Cascade - This tool is used to demonstrate how drivers create needs, and subsequently create more clearly defined ‘goals’. In COBIT 2019, these are known as ‘Alignment Goals’, as opposed to the ‘IT Goals’ from COBIT 5 •Components - Formerly known as ‘Enablers’, Components are generic elements that influence IT. They include ‘Information Flows’, ‘Skills’, ‘Infrastructure’, ‘Processes’, ‘Policies and Procedures’, and ‘Organizational Structures’. COBIT 2019 also introduced ‘variants of generic’, with which Components can be examined and amended based on a ‘Focus Area’, such as a specific piece of legislation like the GDPR •Design Factors - These factors help define the needs of an organization and how they must be addressed in a framework. Contextual factors, such as corporate and threat landscapes, are beyond the organization’s control. Strategic factors reflect decisions by the organization, such as the direction of enterprise strategy and the prioritization of different IT elements. Tactical factors focus on implementation choices regarding technology (such as cloud data), methods (such as DevOps, ITIL 4, or Agile), and outsourcing models
  • 10.
    CONTROL OBJECTIVE FORINFORMATION AND RELATED TECHNOLOGY (COBIT) • The COBIT framework makes a clear distinction between governance and management. These two disciplines encompass different activities, require different organizational structures and serve different purposes. • Governance of Enterprise IT - Evaluate, Direct and Monitor (EDM) – 5 processes  Stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives.  Direction is set through prioritization and decision making.  Performance and compliance are monitored against agreed-on direction and objectives. • Management of Enterprise IT  Align, Plan and Organize (APO) – 13 processes  Build, Acquire and Implement (BAI) – 10 processes  Deliver, Service and Support (DSS) – 6 processes  Monitor, Evaluate and Assess (MEA) - 3 processes