
Acctg503 Research


Monitoring Controls

Does the entity have a system of monitoring activities to continuously evaluate and improve the effectiveness of its
internal controls?
Monitoring, as mentioned previously, refers to the entity's ability to monitor the effectiveness of controls as they
operate daily, individually and in cooperation with other controls. Some of the various ways in which controls over
monitoring of control effectiveness could be evaluated regarding the risks associated with those activities include:

Ongoing and separate evaluations on internal controls over financial reporting


Identifying and reporting deficiencies
Assessing the quality of internal control performance over time
Putting procedures in place to modify the control system as needed (add, change, delete)
Ensuring effective management review of control system status
Checking for the absence of monitoring systems, which tends to allow people to reduce vigilance on controls
Utilizing relevant external information or independent monitors
Analyzing control objectives and their related control activities
Reviewing changes to controls since the date of the last report or within the last 12 months

Source: http://www.isaca.org/Journal/Past-Issues/2007/Volume-6/Pages/The-COSO-Model-How-IT-Auditors-CanUse-It-to-Evaluate-the-Effectiveness-of-Internal-Controls1.aspx

The COSO Model: How IT Auditors Can Use It to Evaluate the Effectiveness of Internal
Controls
Tommie Singleton, CISA

MONITORING IT CONTROLS

SOURCE: http://www.coso.org/documents/coso_framework_body_v6.pdf
COSO

Control Frameworks
COSO and COBIT are - among other things - control frameworks. COSO focuses on controls for
financial processes, and COBIT focuses on IT.

Accounting and IT Control Frameworks


In most companies of any size, data moves between multiple business groups and IT systems on its
way from initial transactions to the reports that the CEO and CFO must attest to.
Attesting to the accuracy of the data requires confidence in accounting procedures and controls.
These are addressed within the COSO framework.
The SOX 404 attestation also requires confidence in the IT systems that house, move, and transform
data. This requires confidence in the processes and controls for those IT systems and databases.
The COBiT framework was designed to address IT concerns.
COSO
The official name for COSO is the Committee of Sponsoring Organizations of the Treadway
Commission. James C. Treadway Jr., the commission's namesake, was a member of the Securities
and Exchange Commission and the initial chairman of COSO.
The new Enterprise Risk Management (ERM) COSO framework emphasizes the importance of
identifying and managing risks across the enterprise. The new COSO framework consists of eight
components:
1. Internal control environment
2. Objective setting
3. Event identification
4. Risk assessment
5. Risk response
6. Control activities
7. Information and communication
8. Monitoring.
The three new components of the COSO framework are Objective setting, Event identification, and
Risk response.
COBIT
COBIT (Control Objectives for Information and Related Technologies) is an open standard published
by the IT Governance Institute and the Information Systems Audit and Control Association (ISACA).
It's an IT control framework built in part upon the COSO framework.
The latest version of COBIT is COBIT 4.0. Here's what ISACA says about it:
Successful organizations understand the benefits of information technology (IT) and use this
knowledge to drive their shareholders' value. They recognize the critical dependence of many
business processes on IT, the need to comply with increasing regulatory compliance demands and
the benefits of managing risk effectively. To aid organizations in successfully meeting today's
business challenges, the IT Governance Institute (ITGI) has published version 4.0 of Control
Objectives for Information and related Technology (COBIT).
COBIT is an IT governance framework and supporting toolset that allows managers to bridge the
gap between control requirements, technical issues and business risks. COBIT enables clear policy
development and good practice for IT control throughout organizations. ITGI's latest version - COBIT
4.0 - emphasizes regulatory compliance, helps organizations to increase the value attained from IT,
enables alignment and simplifies implementation of the COBIT framework. It does not invalidate
work done based on earlier versions of COBIT but instead can be used to enhance work already
done based upon those earlier versions. When major activities are planned for IT governance
initiatives, or when an overhaul of the enterprise control framework is anticipated, it is recommended
to start fresh with COBIT 4.0. COBIT 4.0 presents activities in a more streamlined and practical
manner so continuous improvement in IT governance is easier than ever to achieve.
Source: http://www.sox-online.com/coso_cobit_coso.html
SOX-online: The Vendor-Neutral Sarbanes-Oxley Site
