Differentiate between COSO and COBIT in terms of their purpose and application. Why do organizations need to apply both of them, not only one?
Answer:
COSO:
The Committee of Sponsoring Organisations of the Treadway Commission (COSO) was formed in 1985. It was established to sponsor the National Commission on Fraudulent Financial Reporting. COSO was originally sponsored jointly by five main accounting institutions, as follows:
American Institute of Certified Public Accountants (AICPA), American Accounting Association (AAA), Financial Executives International (FEI), Institute of Internal Auditors (IIA) and Institute of Management Accountants (IMA).
COSO Framework:
COBIT:
Control Objectives for Information and Related Technologies (COBIT) was formed in 1996. It is an Information Technology (IT) management framework developed by ISACA to help businesses develop and organize information management and governance. It was framed as an IT control objective to help navigate financial audits and the growth of IT environments.
Know ISACA: The Information and Audit Control Association (ISACA) is an independent non-profit organisation which guides professionals engaged in information security, risk management and governance. ISACA is the support system behind COBIT; it developed and designed COBIT.
Framework of COBIT:
Difference between COSO and COBIT:
Though the two entities are similar in their performance of reporting controls, they function differently in organisations.
COSO provides guidance to the organisation and establishes risk tolerance to reduce fraud in the organisation, while COBIT provides the organisation with a framework to build best-practice controls.
In establishing financial risk reporting models, COSO helps in building plans, while COBIT shows outlines for COSO.
Why do we need both COSO and COBIT?
Though they are two different things, both of them are applied together when operating the business.
This is because COSO can perform only up to a specific limit: it responds only to the fiduciary controls. COBIT, however, responds beyond financial reporting to cover the entire IT environment. Therefore both entities complement each other.
COSO can only assess the risk and determine the critical environment, but it must also cover the external financial reporting. Thus, COBIT enables quality compliance and monitoring by creating strategic alignments to COSO.
Therefore COSO and COBIT complement each other, and organisations need to apply both of them and not only one.