Just another ComMetrics – social media monitoring, best metrics, marketing metrics weblog

Standards that matter – COSO and COBIT

March 22nd, 2007 · No Comments ·

COSO is often used as the standard when choosing an internal control framework. In particular it views the world as follows:

– internal control is a process
– control objectives focus on:

    effectiveness and
    efficiency of operations, as well as
    reliable financial reporting and
    compliance with laws and regulations

– useful for management at large

Graphically COSO can be shown as a cube.

2004 - the new COSO cube

If you cannot see the above cube, click here ==> the new COSO cube (see also

Find out more about the COSO framework

In contrast, Control Objectives of Information and Related technology (COBIT) is also used for building and managing internal control systems. However, COBIT has provisions outside the SarbOx regulation. It focuses on:

– approached control by looking at information
– focus is on quality and security requirements for effectiveness, efficiency, confidentiality, integrity, availability, compliance, and reliability of information
– highly useful for management, users, and auditors

To find out more regarding COBIT check out – COBIT framework


An organization is well advised to pay due attention to issues of corporate governance, such as:

– structure and mandate of the Board of Directors regarding risks and controls,
– clearly outlined risk assessment, management and risk response processes,
– effective corporate communication programs – front line understands the mission, as well as
– well-documented control objectives and monitoring mechanisms (control metrics)

If the above issues are carefully addressed with the help of the Internal Control System (ICS) the auditor can accept the documentation relating to these issues as part of the audit engagement.

Auditors may not be able to completely rely on such documentation. Moreover, they must satisfy themselves as to the robustness of the enterprise’s entity-level controls. Nonetheless, doing the above work well can save the auditor many hours, and many euros in audit fees can be saved on the client’s behalf.


→ No CommentsTags: coso · cube