progress of individuals, departments, or locations as they strive to achieve strategically important goals. The control system provides feedback that allows management to adjust and fine-tune inputs and processes so future outputs will more closely match goals.

An interactive control system helps top-level managers with high-level activities that demand frequent and regular attention, such as developing company strategy, setting company objectives, understanding and assessing threats and risks, changes in competitive conditions and emerging technologies, and developing responses and action plans to proactively deal with these high-level issues. The system also helps managers focus the attention of their subordinates on key strategic issues and to be more involved in their decisions. Data generated by an interactive system are best interpreted and discussed in face-to-face meetings of superiors, subordinates, and peers.

Control Frameworks

A number of control frameworks have been developed to help companies develop good internal control systems. In this section, we discuss three of the most important.

COBIT Framework

The Information Systems Audit and Control Foundation (ISACF) developed the Control Objectives for Information and related Technology (COBIT) framework. COBIT is a framework of generally applicable information systems security and control practices for IT control. The framework allows (1) management to benchmark the security and control practices of IT environments, (2) users of IT services to be assured that adequate security and control exist, and (3) auditors to substantiate their opinions on internal control and to advise on IT security and control matters.

The framework addresses the issue of control from three vantage points:

1. Business objectives. To satisfy business objectives, information must conform to criteria called business requirements for information. The criteria are divided into seven categories that map into the COSO objectives: effectiveness (relevant, pertinent, and timely), efficiency, confidentiality, integrity, availability, compliance with legal requirements, and reliability.
2. IT resources. This includes people, application systems, technology, facilities, and data.
3. IT processes. These are broken into four domains: planning and organization, acquisition and implementation, delivery and support, and monitoring.

COBIT, which consolidates standards from 35 different sources into a single framework, is having a big impact on the information systems profession. It is helping managers learn how to balance risk and control in an information system environment. It provides users with assurance that the security and IT controls provided by internal and third parties are adequate. It guides auditors as they substantiate their opinions and as they provide advice to management on internal controls.

COSO's Internal Control Framework

The Committee of Sponsoring Organizations (COSO) is a private-sector group consisting of the American Accounting Association, the AICPA, the Institute of Internal Auditors, the Institute of Management Accountants, and the Financial Executives Institute. In 1992, COSO issued the Internal Control-Integrated Framework, which defines internal controls and provides guidance for evaluating and enhancing internal control systems. The report is widely accepted as the authority on internal controls and is incorporated into policies, rules, and regulations that are used to control business activities.
