| This article will help you to understand some similarities | | | | The domains of COBIT are: |
| and differences between two frameworks: COSO | | | | - Planning and organizing |
| and COBIT. Some basic knowledge about these two | | | | - Acquisition and implementation |
| networks is required especially for E-Commerce. | | | | - Mange IT investment |
| COSO and COBIT are comparable frameworks, | | | | - Delivery and support |
| COSO's approach is more broad-based, fewer | | | | - Monitoring and evaluation. |
| complexes, without so much technical issues and | | | | COBIT focuses on IT components, which are process |
| COBIT is more comprehensive, process-orientated, | | | | orientated. Moreover, the COBIT contains the system |
| risk, control needs, and it relates more to technical | | | | of development, operation, delivery, and implementation. |
| issues. COBIT covers quality and security requirements | | | | COBIT helps strengthens assessment, understanding |
| such as effectiveness, efficiency, integrity, availability, | | | | and exercise of appropriate internal controls. COBIT |
| compliance, confidentiality and reliability of information. | | | | also, provides a good framework for risk management |
| These are the foundations for the control objectives | | | | and improves communication among management, |
| of COBIT. | | | | users and auditors regarding IT governance. |
| As recognized by the COSO agenda, the process of | | | | Accordingly, COSO focuses on monitoring and |
| internal control comprises of five components. These | | | | evaluation, which is also one of the COBIT's domains. |
| make up for a highly competent framework for | | | | Therefore, COSO and COBIT build together a strong |
| investigating and evaluating the system of internal | | | | assessment of IT based systems and processes. |
| control that is put to use in a business. These | | | | For example, the company is implementing a new |
| components are stated below: | | | | system. Therefore, the business can take an |
| - "Control Environment, this deals with setting the | | | | advantage of COBIT and COSO. In this case, COBIT |
| character of a business and influencing the control | | | | will be very helpful to span the system on technology |
| awareness of its staff and it includes the honor, moral | | | | based processes. CABIT would also help in |
| values, operating methods of the management, | | | | configuration of two different systems (new with an |
| system for assigning authority and the necessary | | | | existing accounting system). COSO would help to |
| procedures for organizing and developing the staff in a | | | | evaluate the financial part and risk. Moreover, the |
| business association. | | | | COSO also will review all accounting related aspects |
| - Risk assessment, which includes the detection and | | | | and the COBIT will help in technological integration and |
| examination of the risks that are most likely to pose a | | | | it also will help with delivery and support of the |
| threat to attaining desired objectives. | | | | implementation. |
| - Control Activities, these are the rules and regulations | | | | The combination of COSO and COBIT will be very |
| which assist in guaranteeing that the orders of the | | | | beneficial for AFM Corporation. All analysis and |
| management are satisfactorily carried out. | | | | documentation of processes could be scoped by the |
| - Information and communication which are responsible | | | | COSO framework and all technological issues could |
| for all news related to the operation and finances etc | | | | be reviewed in details by the COBIT framework. |
| of a business that helps in its smooth running | | | | COBIT would also help with the complexity of |
| - Monitoring of internal controls which points out any | | | | software system. On the other hand, the COSO will |
| shortage in its quality making sure it is remedied so the | | | | support control activities and the COBIT will help in |
| system can be improved "(Bushman, 2007). | | | | detailed monitoring and evaluating. |