Accounting and IT Control Frameworks
In most companies of any size, data moves between multiple business groups and IT systems on its way from initial transactions to the reports that the CEO and CFO must attest to.
Attesting to the accuracy of the data requires confidence in accounting procedures and controls. These are addressed within the COSO framework.
The SOX 404 attestation also requires confidence in the IT systems that house, move, and transform data, and therefore in the processes and controls for those IT systems and databases. The COBiT framework was designed to address these IT concerns.
Thoughts, Comments, and Official Opinions
- Excerpt on control frameworks from Final Rule: Management’s Reports on Internal Control Over Financial Reporting and Certification of Disclosure in Exchange Act Periodic Reports.
- SEC Chairman Comments on Compliance
- Why you need both an Accounting and an IT framework
- ITGI’s “IT Control Objectives for Sarbanes-Oxley” (updated): Full Document; Excerpt on IT controls