ITIL and COSO: Utilizing the Appropriate Framework

ITIL/COSO

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework serves as a framework for internal controls (Farmer, 2005). Its key elements are control environment, risk assessment, control activities, information and communication, and monitoring. ITIL is a set of books that offers a customizable framework of practices for providing high-quality service to internal users (Violino, 2005). It focuses on service support, software support, computer operations, and security management.

Where ITIL focuses mainly on service and technology, COSO focuses on the overall internal control environment, which includes risk assessments, access control, policies and procedures, segregation of duties, etc., not just IT. COSO is an assurance model that provides assurance in internal controls over financial reporting. It provides best practices for assurance in the existence and occurrence of transactions, assets, and liabilities as of the reporting date. It also provides assurance that all transactions, liabilities, and assets have been reported, that valuations of assets and liabilities are appropriate, and, mainly, that the financial statements are presented in proper form with required disclosure. It involves policies and procedures on top of the IT internal controls.

Both frameworks can be used in the same industry or the same organization. The essential recommendation is to do a self-assessment of the organization to identify the areas most in need of improvement and establish a baseline
