COSO
The Committee of Sponsoring Organizations of the Treadway Commission (COSO)5 offers a framework that initiates an integrated process of internal controls. It helps improve ways of controlling enterprises by evaluating the effectiveness of internal controls. It contains five components:
- Control environment, including factors such as integrity of people within the organization and management authority and responsibilities
- Risk assessment, aiming to identify and evaluate the risks to the business
- Control activities, including the policies and procedures for the organization
- Information and communication, including identification of critical information to the business and communication channels for delivering control measures from management to staff
- Monitoring, including the process used to monitor and assess the quality of all internal control systems over time
The COSO framework and the COBIT framework are both used to satisfy compliance with SOX (described later in this appendix).
Get Web Commerce Security Design and Development now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.