IT CLC - Soft controls 1592

e0jrodriguez

Hi,
I’m looking for information about IT Company Level Controls. As far as i remember, IT CLC are focused in the Control Enviroment and Information_and_Communication components of COSO; however we are including some controls of the Risk Assesment component.
Does anyone have any comments?
Regards,
JD

harrywaldron

Hi JD and welcome … These links might help start in some of the research.
As direct linking is not allowed in forums, please add ‘www’ to links noted below
General Search
google.com/search?hl=en-and-q=coso IT Company Level Controls
COSO IT Company Level Controls - Links
aicpa.org/pubs/jofa/jun2005/mcnally.htm
sec.gov/news/press/4-511/bbenoit3806.pdf
grantthornton.com/staticfiles/GTCom/files/services/BusinessAdvisoryServices/Publications/Governance_Alert_May.pdf
pcaobus.org/Standards/Standing_Advisory_Group/Meetings/2006/06-12/Implementation_Section_404-and-AS2.pdf

milan

Hi,
The following are company level controls as identified in the document, IT Control Objectives for Sarbanes-Oxley.
Company-level controls set the tone for the organization.
Examples include:
Systems planning
Operating style
Enterprise policies
Governance
Collaboration
Information sharing
Codes of conduct
Fraud prevention
For compliance guidance, it might be helpful to review the complete document from ISACA: Insert www. before the link that follows:
isaca.org/Template.cfm?Section=Downloads4-and-Template=/TaggedPage/TaggedPageDisplay.cfm-and-TPLID=63-and-ContentID=13742#COBIT
Hope this further helps,
Milan