Acctg503 Research
Acctg503 Research
Acctg503 Research
Does the entity have a system of monitoring activities to continuously evaluate and improve the effectiveness of its
internal controls?
Monitoring, as mentioned previously, refers to the entitys ability to monitor the effectiveness of controls as they
operate daily, individually and in cooperation with other controls. Some of the various ways in which controls over
monitoring of control effectiveness could be evaluated regarding the risks associated with those activities include:
Source: http://www.isaca.org/Journal/Past-Issues/2007/Volume-6/Pages/The-COSO-Model-How-IT-Auditors-CanUse-It-to-Evaluate-the-Effectiveness-of-Internal-Controls1.aspx
The COSO Model: How IT Auditors Can Use It to Evaluate the Effectiveness of Internal
Controls
Tommie Singleton, CISA
MONITORING IT CONTROLS
SOURCE: http://www.coso.org/documents/coso_framework_body_v6.pdf
COSO
Control Frameworks
COSO and COBIT are - among other things - control frameworks. COSO focuses on controls for
financial processes, and COBIT focuses on IT.
business challenges, the IT Governance Institute (ITGI) has published version 4.0 of Control
Objectives for Information and related Technology (COBIT).
COBIT is an IT governance framework and supporting toolset that allows managers to bridge the
gap between control requirements, technical issues and business risks. COBIT enables clear policy
development and good practice for IT control throughout organizations. ITGI's latest version - COBIT
4.0 - emphasizes regulatory compliance, helps organizations to increase the value attained from IT,
enables alignment and simplifies implementation of the COBIT framework. It does not invalidate
work done based on earlier versions of COBIT but instead can be used to enhance work already
done based upon those earlier versions. When major activities are planned for IT governance
initiatives, or when an overhaul of the enterprise control framework is anticipated, it is recommended
to start fresh with COBIT 4.0. COBIT 4.0 presents activities in a more streamlined and practical
manner so continuous improvement in IT governance is easier than ever to achieve.
Source: http://www.sox-online.com/coso_cobit_coso.html
SOX-online: The Vendor-Neutral Sarbanes-Oxley Site