CobiT definition:
Establishing an effective internal control programme for IT requires a well-defined monitoring process. This process includes the monitoring and reporting of control exceptions, results of self-assessments and third-party reviews. A key benefit of internal control monitoring is to provide assurance regarding effective and efficient operations and compliance with applicable laws and regulations.
Control over the IT process of
Monitor and evaluate internal control
that satisfies the business requirement for IT of
protecting the achievement of IT objectives and complying with IT-related laws, regulations and contracts
by focusing on
monitoring the internal control processes for IT-related activities and identifying improvement actions
is achieved by
- Defining a system of internal controls embedded in the IT process framework
- Monitoring and reporting on the effectiveness of the internal controls over IT
- Reporting control exceptions to management for action
and is measured by
- Number of major internal control breaches
- Number of control improvement initiatives
- Number and coverage of control self-assessments
Control objectives:
ME2 Monitor and Evaluate Internal Control
ME2.1 Monitoring of Internal Control Framework
ME2.2 Supervisory Review
ME2.3 Control Exceptions
ME2.4 Control Self-assessment
ME2.5 Assurance of Internal Control
ME2.6 Internal Control at Third Parties
ME2.7 Remedial Actions
Check out the links for details on the control objectives.