COSO and COBIT are – among other things – control frameworks. COSO focuses on controls for financial processes, and COBIT focuses on IT.
The official name for COSO is the Committee of Sponsoring Organizations of the Treadway Commission. James C. Treadway Jr., the commission’s namesake, was a member of the Securities and Exchange Commission and the initial chairman of COSO.
- Read more about COSO
- COSO framework materials are available from the American Institute of Certified Public Accountants.
COBIT (Control Objectives for Information and Related Technologies) is an open standard published by the IT Governance Institute and the Information Systems Audit and Control Association (ISACA). It’s an IT control framework built in part upon the COSO framework.
The latest version of COBIT is COBIT 4.0. Here’s what ISACA says about it:
Successful organizations understand the benefits of information technology (IT) and use this knowledge to drive their shareholders’ value. They recognize the critical dependence of many business processes on IT, the need to comply with increasing regulatory compliance demands and the benefits of managing risk effectively. To aid organizations in successfully meeting today’s business challenges, the IT Governance Institute (ITGI) has published version 4.0 of Control Objectives for Information and related Technology (COBIT).
COBIT is an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks. COBIT enables clear policy development and good practice for IT control throughout organizations. ITGI’s latest version – COBIT 4.0 – emphasizes regulatory compliance, helps organizations to increase the value attained from IT, enables alignment and simplifies implementation of the COBIT framework. It does not invalidate work done based on earlier versions of COBIT but instead can be used to enhance work already done based upon those earlier versions. When major activities are planned for IT governance initiatives, or when an overhaul of the enterprise control framework is anticipated, it is recommended to start fresh with COBIT 4.0. COBIT 4.0 presents activities in a more streamlined and practical manner so continuous improvement in IT governance is easier than ever to achieve.
ISACA has offered a very useful document: IT Control Objectives for Sarbanes-Oxley Using COBIT 5, 3rd Edition.