Internal Controls Concepts Knowledge
THIS CHAPTER INTRODUCES the concepts of Corporate Governance with particular attention to the implications within an Information Technology (IT) environment and the impact on IT auditors. Criteria of Control (COCO), Committee of Sponsoring Organizations (COSO), King, Sarbanes-Oxley Act of 2002, and other recent legislative impacts are examined together with the structuring of controls to achieve conformity to these structures. Control classifications are examined in detail together with both general and application controls. Particular attention is paid to Control Objectives for Information and Related Technology (COBIT) from both a structural and relevance perspective.
Confusion commonly arises as to what exactly a control is. A control may be defined as any action taken by management to enhance the likelihood that established objectives and goals will be achieved. It results from management’s planning, organizing, and directing, and the many variants (e.g., management control, internal control, etc.) can be incorporated within the generic term.
Management controls are intended to ensure that an organization is working toward its stated objectives:
- Corporate objectives and goals are the statement of corporate intent (market penetration will increase by 10 percent in the coming year).
- Management objectives define how the corporate objectives will be met (market penetration will be increased leveraging the information ...