Evergreen Offers Tips for Internal Audit Frameworks

In its latest IT management tip, Evergreen Systems, an IT technology and process consulting firm, advises IT departments to take the lead in mapping business audit standards to IT operations.

Although many organizations have adopted internal control standards set forth by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) for business operations, they have yet to effectively map these higher level controls to what IT actually does. Evergreen believes IT managers should take the lead by mapping and communicating the links that exist between COSO and commonly accepted IT frameworks such as IT Infrastructure Library (ITIL) and/or Control Objectives for Information and Related Technologies (COBIT®).

COSO provides a business-focused common definition of internal controls, standards and criteria against which companies and organizations can assess their control systems. Aligning COBIT and ITIL through a COSO framework leads to a more organized auditing process, particularly from an IT perspective. Mapping COSO to IT frameworks such as ITIL and COBIT enables this by providing a clear picture to the organization and auditors about how IT operations align to business control objectives.

"Our clients are concerned that auditors coming in with the COSO standards as a guide won't know where to look or what to focus on when it comes to IT," says Joe Koester, VP of consulting services. "By mapping COSO to more IT-specific frameworks and then sharing this information with auditors, we can ensure they focus on the areas that relate directly to COSO and to what the business really cares about."