ME2 Monitor and Evaluate Internal Control

by Bill Oxley

CobiT definition:

Establishing an effective internal control programme for IT requires a well-defined monitoring process. This process includes the monitoring and reporting of control exceptions, results of self-assessments and third-party reviews. A key benefit of internal control monitoring is to provide assurance regarding effective and efficient operations and compliance with applicable laws and regulations.

Control over the IT process of
Monitor and evaluate internal control

that satisfies the business requirement for IT of
protecting the achievement of IT objectives and complying with IT-related laws, regulations and contracts

by focusing on
monitoring the internal control processes for IT-related activities and identifying improvement actions

is achieved by

  • Defining a system of internal controls embedded in the IT process framework
  • Monitoring and reporting on the effectiveness of the internal controls over IT
  • Reporting control exceptions to management for action

and is measured by

  • Number of major internal control breaches
  • Number of control improvement initiatives
  • Number and coverage of control self-assessments

Control objectives:

ME2 Monitor and Evaluate Internal Control

ME2.1 Monitoring of Internal Control Framework
ME2.2 Supervisory Review
ME2.3 Control Exceptions
ME2.4 Control Self-assessment
ME2.5 Assurance of Internal Control
ME2.6 Internal Control at Third Parties
ME2.7 Remedial Actions

Check out the links for details on the control objectives.
