Introduction to Internal Control Systems

|Chapter 8 |

|Introduction to Internal Control Systems |

Discussion Questions

8-1. The primary provisions for the 1992 COSO Report and the 2004 Report are outlined in Figure 8-1.

8-2. The primary provisions of the original version of CobiT, as well as the current version (4.0), are outlined in Figure 8-1.

8-3. COSO stands for Committee of Sponsoring Organizations, which was established by the Treadway Commission to work on a common definition for internal control. COBIT stands for Control Objectives for Information and Related Technology. It was a project undertaken by the Information Systems Audit and Control Foundation that involved an extensive examination of the internal control area.

An important role played by COSO in the internal control area was to come up with a definition of internal control along with a description of five interrelated components (control environment, risk assessment, control activities, information and communication, and monitoring) that should be included within an internal control system. Regarding COBIT and its role in the internal control area, COBIT adapted its definition of internal control based on the COSO report. COBIT (as well as COSO) emphasizes that people at every level of an organization are a very important part of the organization’s internal control system.

COSO is an important framework that management of organizations might use to help ensure that they have effective corporate governance. This is the case because the COSO framework presents criteria to evaluate an organization’s internal control systems. According to SOX, Section 404, management must now document the effectiveness of their internal controls and then issue a report that accompanies the company’s annual report....