
COBIT and COSO are two acronyms that have a lot in common. COSO stands for The Committee of Sponsoring Organizations, while COBIT stands for Control Objectives for Information and Related Technologies. The function of these two organizations is to help companies organize and monitor financial reporting controls.

However, there are a few differences between the two organizations, and in this article, you will understand those in detail.

Understanding COSO

COSO was established in 1985 by five professional associations. Their main aim was to sponsor the National Commission on Fraudulent Financial Reporting.  These five associations included:

  • Institute of Internal Auditors
  • The American Accounting Organization
  • Institute of Management Accountants
  • The American Institute of Certified Public Accountants
  • Financial Executives International

The body’s main goal is to provide guidance on risk management and to develop an enterprise framework, fraud deterrence, and internal control.

Understanding ISACA

ISACA was established in 1967. The initials stand for Information Systems and Audit Control Association. It is an IT professional body. The organization's main role is to develop auditing control guidance and create world-recognized IT certification.

The Framework of COSO

In 2016, COSO updated its framework. The new framework uses a risk management approach in managing internal controls.  The framework applies to both internal and external financial reporting. The framework is based on five crucial strategic points.

They include:

  1. Governance and culture
    This point relates to ERM and oversees daily activities.
  2. Strategy and Objective Setting
    This principle states that risks must be measured objectively.
  3. The performance
    This approach stipulates that there should be effective reporting of risks.
  4. The Review and Revision
    This element involves internal audit and monitoring of controls.
  5. Information, Communication, and Reporting
    This requirement says there should be communication between internal and external members.

The Framework of COBIT

COBIT also has five crucial principles. The role of these principles differs from that of COSO's.

The five principles include:

  1. Meeting Stakeholders Needs
    The decisions of the organization should include those who bear risk and those who receive benefits in order to determine the needed resources.
  2. Covering the Enterprise end to end
    This principle makes sure ERM takes into consideration information and technologies like assets and applications instead of focusing on IT.
  3. Applying a Single Integrated Framework
    This rule aims at mapping several standards to one business governance and management.
  4. Enabling a Holistic Approach
    This principle integrates culture, processes, policies, information, organizational structures, as well as people to manage and govern the enterprise.
  5. Separating governance and management
    This element involves evaluating ways to offer direction and to separate tracking activities from those who are governing.

Comparison of COSO with COBIT

Although the two organizations appear to have some similarities, they carry out different functions for various institutions. COSO offers guidance that companies can refer to when creating risk tolerances to minimize theft and fraud. On the other hand, COBIT gives organizations guidelines that provide best-practice controls.

Companies that choose to create a financial risk reporting architecture that is compatible with COSO can also implement COBIT to create their control landscape. COSO lets companies frame their building.

Why does your company need COSO and COBIT?

COSO and COBIT are designed to create a control landscape as well as a risk and governance infrastructure that lets security align with requirements.

COSO responds to controls that are associated with a fiduciary duty and that are meant to comply with Sarbanes-Oxley requirements. The problem with COSO is that it limits itself to a particular segment of an organization. COBIT provides a specific manner through which risk is assessed. For instance, the PO 8 Manage Quality is compatible with the risk assessment element of COSO.

As soon as a company aligns its controls with COBIT, it can do the same with COSO and other viable frameworks through the use of gap analysis. With gap analysis tools, the organization can manage controls across different standards to avoid the issue of compliance with various frameworks.

