Introduction
COBIT stands for Control Objectives for Information and Related Technology. The framework was created by ISACA for the purpose of management and the provision of guidelines. It was later designed to support managers, giving them an opportunity to bridge the vital gap between technical matters, business risks, and control requirements (Nocco & Stulz, 2006). Currently, the framework is mostly recognized as legal provisions that any company can utilize and implement for its overall operation. Overall, COBIT operates to ensure that the quality, reliability, and efficiency of information systems are achieved within the companies that adopt it. This is the most crucial aspect of modern business in today's world (Moeller, 2007).
It is important to note that COBIT is globally used by all Information Technology process experts to equip themselves with a model for efficient value delivery to organizations. Studies have also shown that businesses that utilize the COBIT framework can apply better risk management practices related to information technology. Notably, the COBIT model guarantees information system integrity.
COSO
The COSO framework is designed to assist businesses in establishing, assessing, and enhancing their internal control. Fundamentally, the importance of internal control in the operations and financial reporting of an entity cannot be overemphasized, as the existence or absence of the process determines the quality of the output generated in the financial statements (Nocco & Stulz, 2006). It is crucial to note that a current and functioning internal control process provides users with reasonable assurance that the amounts presented in the financial statements are accurate and can be depended upon for informed decision-making (Moeller, 2007).
Enterprise Risk Management (ERM) Framework
Enterprise Risk Management (ERM) is defined as the capability to manage all the risks of the business while striving to achieve the objectives of the company. Fundamentally, ERM is composed mainly of the strategies and guidelines that help the management and the board of directors to respond to and address the relevant business questions related to the organization's risks. Additionally, ERM is critical in facilitating processes such as risk, coverage, governance, risk data, control environment, stress, and testing (Nocco & Stulz, 2006). However, effective implementation of the ERM framework requires the presence of a healthy organizational culture, which plays a critical role in ensuring that the framework is aligned with the objectives of the company. The lack of a proper culture in an organization may prevent the effective adoption, implementation, and usage of the ERM framework.
The Framework that Works Best
In my view, the ERM framework is the most effective because it operates best in many sectors. ERM is fundamentally the most effective way of managing risks across the organization through the use of a common risk management framework. The framework, in this case, can vary widely among organizations but typically involves tools, people, and rules. As part of the framework, therefore, individuals with defined responsibilities utilize the established, repeatable processes and a substantial level of technology. It is also crucial to note that ERM works to improve focus and perspective on risk. This means that managers become able to know some of the unforeseen risks that may otherwise affect the organization if not addressed (Moeller, 2007). Finally, ERM is essential for effective coordination of regulatory and compliance matters. This involves the identification, monitoring, controlling, and mitigation efforts across the organization. Such information can help reduce the efforts and costs involved in auditing and reviews.
References
Moeller, R. R. (2007). COSO enterprise risk management: Understanding the new integrated ERM framework. John Wiley & Sons.
Nocco, B. W., & Stulz, R. M. (2006). Enterprise risk management: Theory and practice. Journal of Applied Corporate Finance, 18(4), 8-20.
Cite this page
Essay on COBIT: Bridging the Gap Between Technical Matters, Business Risks and Control Requirements. (2023, Mar 26). Retrieved from https://proessays.net/essays/essay-on-cobit-bridging-the-gap-between-technical-matters-business-risks-and-control-requirements