COBIT
The book discusses the Trust Services framework developed by the AICPA and the Canadian Institute of Chartered Accountants (CICA). More widely accepted in industry is COBIT, developed by the IT Governance Institute: Control OBjectives for Information and related Technology.
COBIT: what is it?
COBIT provides companies with an information systems governance model that helps them understand and manage the risks associated with technology. It is meant to bridge the gap between business risk, management needs and technical issues. It augments COSO/ERM; it is not a replacement.
COBIT Processes
The primary COBIT processes with the most direct relevance to COSO's internal control structure fall into four broad categories:
- Plan and organize
- Acquire and implement
- Deliver and support
- Monitor and evaluate
- IT strategic plan is developed, monitored and communicated
- Information capture, processing and reporting controls are defined
- IT staff have adequate knowledge and experience; roles are defined and documented; duties are properly segregated; IT employees are trained and developed and kept up to date with new technology
- Policies and procedures are documented and updated; issues are reported and resolved
- System changes are authorized and monitored; adequate controls surround change management
- IT performs security assessments, monitors and updates access restrictions, and ensures continuity
- Standard requirements are set; variances from those standards are assessed
- Required acquisition and maintenance processes are defined, including documentation to support proper use of the technological solutions put in place
- Regularly reviewed, updated and approved by management
IT controls:
- have a pervasive effect on the achievement of controls related to reliable financial reporting
- should be evaluated in order to assess the likelihood of potential misstatements in each significant account
- the extent of information technology involvement in the period-end financial reporting process should also be evaluated