COBIT framework

COBIT stands for Control Objectives for Information and Related Technology. COBIT is an IT framework that was developed to help business organizations organize and implement business strategies around information governance and administration. The idea was initiated by the Information System Audit and Control Association (ISACA) to also create a bridge between control requirements, technical issues, and business risks. COBIT is a universal technology guideline that can be applied to any organization since it confirms quality supervision and consistency of information systems (Moeller, 2013). In the modern hi-tech world, an information system is the most crucial aspect of every corporate organization, so the technology applied needs to ensure the security and confidentiality of information in a company.

The introduction of the COBIT framework enables corporates to exploit the benefits of information technology by introducing parallel IT governance and management within the company. Consequently, COBIT helps corporates sustain a high quality of information, optimize the huge costs related to IT, attain operational excellence, comply with IT regulations, and protect the company from IT-related jeopardy. COBIT operates under the following five principles, which put it in demand in many organizations: facilitating a universal approach, meeting the needs of the shareholders, covering the end-to-end duties of an enterprise, differentiating management from governance, and promoting a single integrated framework (Farrell & Gallagher, 2015). However, its technology is more complex and expensive to establish, notably in an infant organization.


COSO integrated control

The COSO framework is an improvised version of the Integrated Control Framework that has authority over internal controls. COSO is integrated into the policies that control and manage business activities. Managers apply COSO in formulating strategies, assessing management risks, identifying issues that may affect the company, and as an assurance that the organization is able to attain its goals and standards. However, COSO provides less context for evaluating results and controls corporates without examining the risks involved in the business processes. To some extent, the system is complex because it is difficult to tell whether the control systems are able to deal with the hazards at hand, which control systems are missing, and whether a control system is vital to the management operation. Furthermore, COSO does not sufficiently address the issues and risks involved in information technology.

ERM framework

The ERM framework is more of a risk-based system than a control-based system. Unlike the other information systems, the ERM framework identifies the risk involved in the control system rather than controlling a system with unidentified risks. Accordingly, its controls are more pertinent and flexible, since they are interlinked with the contemporary organization’s objectives and goals (Moeller, 2013). The ERM framework first identifies the risk and then controls it. Furthermore, the risk can be shared, transferred, diversified, accepted, or avoided. The ERM model adds some aspects to the COSO integrated control framework, such as developing responses that can manage a risk, setting objectives and standards, and identifying issues that may afflict the company.

From the evaluation of the three accounting systems, the ERM model is the most reliable and comprehensive framework, and it is simpler and more secure to adopt. The distinctive advantage of ERM is its ability to identify risks first, before managing and later controlling them. ERM is suitable for a financial corporate organization like a bank, where there is so much risk involved. The challenge with the COBIT framework is that it is more complex to adopt and appears to be expensive, hence only established corporates are able to adopt it. COSO, meanwhile, has shown various faults, such as its authenticity in addressing risk issues, that make it unsuitable for any organization.



