ISACA, an organization that provides guidance and information on auditing computer controls, has published a guide to explain how its COBIT framework relates to the new COSO Internal Control—Integrated Framework.

COBIT 5 is a widely used framework for the governance and management of enterprise information technology. COSO's internal control framework is relied on by most U.S. public companies to establish compliance with Sarbanes-Oxley internal control reporting. Public companies are in the midst of transitioning to the 2013 release of the COSO framework, expected to be completed by the end of 2014.

The ISACA guide explains how professionals can use the two frameworks together to not only comply but add value in all industries and geographies. The guide looks at the updated COSO framework, which has a stronger emphasis on the role of information technology in establishing control, and examines the related COBIT 5 components. The paper matches specific COSO principles and matches the relevant COBIT 5 framework content with the corresponding COSO framework concept.

Steven Babb, chair of the ISACA Framework Committee, says updates over the past few years to both COBIT 5 and the COSO framework have led to questions about whether the two are complementary. “This paper answers that question with a resounding yes, and shows exactly how the two relate,” he said in a statement. “By using both together, organizations can be confident that they are following proven guidance on assessing and improving their internal control practices within an effective governance structure.”

Topics