Accountants, Auditors Unveil Risk-Management Framework - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Other

Accountants, Auditors Unveil Risk-Management Framework

The nonbinding framework defines two categories of information systems controls: general and application.

CIOs with extra time on their hands can thank the Committee of Sponsoring Organizations, an umbrella group of accounting and auditing firms. On Tuesday, the group--known as COSO--unveiled its Enterprise Risk Management-Integrated Framework, a guideline for identifying and measuring financial and nonfinancial risks.

The risk-management framework follows up COSO's Internal Control-Integrated Framework, issued in 1992, which is the underpinning for a section of the Sarbanes-Oxley Act in which companies and their auditors must attest to the effectiveness of internal controls over financial reporting. Beginning Nov. 15, most public companies must include such an attestation with their 2004 annual reports.

Although the framework is nonbinding on companies, it's likely to receive widespread adoption because of the clout COSO wields in setting accounting and auditing policies, many of which have been adopted by the Securities and Exchange Commission in its Sarbanes-Oxley regulations.

The enterprise risk-management framework goes beyond the internal control framework by addressing nonfinancial risks. For example, whereas the internal control framework is intended to ensure the reliability of published financial statements, the enterprise risk framework is designed to address all reports disseminated internally and externally, including regulatory filings.

The framework also adds the concept of setting strategic objectives based on a company's appetite for risk, which governs all major business decisions.

CIOs play an integral role in assuring the "availability and timeliness of information," says Miles Everson, a partner at PricewaterhouseCoopers, which was commissioned by COSO to develop the framework.

The framework defines two categories of information systems controls: general and application. General controls include technology management, infrastructure management, security management, and software acquisition, development, and maintenance. Application controls focus on the completeness and accuracy of information, such as error detection, data reasonableness tests, logic tests, and providing users with predefined lists of acceptable data.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
News
Top 10 Data and Analytics Trends for 2021
Jessica Davis, Senior Editor, Enterprise Apps,  11/13/2020
Commentary
Where Cloud Spending Might Grow in 2021 and Post-Pandemic
Joao-Pierre S. Ruth, Senior Writer,  11/19/2020
Slideshows
The Ever-Expanding List of C-Level Technology Positions
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/10/2020
Register for InformationWeek Newsletters
Video
Current Issue
Why Chatbots Are So Popular Right Now
In this IT Trend Report, you will learn more about why chatbots are gaining traction within businesses, particularly while a pandemic is impacting the world.
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll