COSO Internal Control-Integrated Framework
COBIT was derived from the COSO Internal Control-Integrated Framework, developed by the Committee of Sponsoring Organizations (COSO) that sponsored the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting. The COSO IC framework, first released in 1992 and last updated in 2013, identifies 17 internal control principles that are grouped into five internal control components as listed here.
Control Environment
1. Demonstrates commitment to integrity and ethical values
2. Exercises oversight responsibilites
3. Extablishes structure, authority, and responsibility
4. Demonstrates commitment to competence
5. Enforces accountability
Risk Assessment
6. Specifies suitable objectives
7. Identifies and analyzes risk
8. Assess fraud risk
9. Identifies and analyzes significant change
Control Activities
10. Selects and develops control activities
11. Selects and develops general controls over technology
12. Deploys through policies and procedures
Information and Communication
13. Uses relevant, quality information
14. Communication internally
15. Communicates externally
Monitoring activities
16. Conducts ongoing and/or separate evaluations
17. Evaluates and communicates deficiencies