Corporate governance and the information system: how a framework for IT governance supports ERM
Abstract
Purpose
The purpose of this paper is to illustrate how information technology (IT) governance supports the process of enterprise risk management (ERM). In particular, the paper illustrates how the Control Objectives for Information and related Technology (COBIT) framework helps a company reach its objectives by integrating and supporting the Enterprise Risk Management by the Committee of Sponsoring Organizations (COSO ERM) framework.
Design/methodology/approach
This paper explains how the integration between the two frameworks (COSO ERM and COBIT 5) can represent, for any organization, a good way to achieve the objectives of internal control and risk management and, more generally, corporate governance.
Findings
The paper identifies some gaps in the COSO ERM and illustrates how the COBIT framework facilitates the implementation of an adequate system of internal control.
Originality/value
The originality of the work presented here lies in analyzing COBIT 5 together with the COSO ERM framework. This paper highlights that it is not enough to apply only an internal control framework to achieve the objectives of the risk management and internal control system. An IT governance framework, such as COBIT 5, is proposed as a tool that supports risk management in order to develop an adequate system of internal control.
Citation
Rubino, M. and Vitolla, F. (2014), "Corporate governance and the information system: how a framework for IT governance supports ERM", Corporate Governance, Vol. 14 No. 3, pp. 320-338. https://doi.org/10.1108/CG-06-2013-0067
Publisher: Emerald Group Publishing Limited
Copyright © 2014, Emerald Group Publishing Limited