2.1. NEED FOR CONTROL CRITERIA

A set of criteria is a standard against which a judgment can be made. As described in Chapter 1, choosing appropriate control criteria is a precondition to performing an assessment of the effectiveness of an entity's internal control. In the United States, the internal control integrated framework published by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) is the most commonly used set of criteria for assessing the effectiveness of internal control. Therefore, a significant portion of this chapter is devoted to discussing the COSO framework.

Increasingly, information technology (IT) has become ingrained in the business processes and controls of entities. The consideration of IT-related controls must be integrated with the entity's overall assessment of its internal control; it is no longer acceptable to treat IT controls as separate and distinct from other elements of internal control. The COBIT (Control Objectives for Information and related Technology) framework, published by the Information Systems Audit and Control Association (ISACA), provides a generally accepted set of IT-related control objectives. This chapter also describes the COBIT guidance, which may be integrated into the COSO framework.

Your understanding of the criteria used to assess the effectiveness of the entity's internal control is a cornerstone for developing an effective engagement approach.
