PrepAway - Latest Free Exam Questions & Answers

Which of the choices below best describe the COSO’s mai…

CobiT was developed from the COSO framework. Which of the choices below best describe the COSO’s main
objectives and purpose?

A.
COSO's main purpose is to help ensure fraudulent financial reporting cannot take place in an organization.

B.
COSO's main purpose is to define a sound risk management approach within financial companies.

C.
COSO addresses corporate culture and policy development.

D.
COSO is a risk management system used for the protection of federal systems.

Explanation:
COSO is a model for corporate governance, and CobiT is a model for IT governance. COSO operates more at the
strategic level, while CobiT focuses more at the operational level. You can think of CobiT as a way to meet
many of the COSO objectives, but only from the IT perspective. COSO also deals with non-IT items, such as
company culture, financial accounting principles, board of director responsibility, and internal communication
structures. COSO was formed to provide sponsorship for the National Commission on Fraudulent Financial
Reporting, an organization that studies deceptive financial reports and the elements that lead to them.

There have been laws in place since the 1970s that make it illegal for a corporation to cook its
books (manipulate its revenue and earnings reports), but it took the Sarbanes–Oxley Act (SOX) of 2002 to
really put teeth into those existing laws. SOX is a U.S. federal law that, among other things, can send
executives to jail if it is discovered that their company submitted fraudulent accounting findings to the
Securities and Exchange Commission (SEC). SOX is based upon the COSO model, so for a corporation to be
compliant with SOX, it has to follow the COSO model. Companies commonly implement ISO/IEC 27000
standards and CobiT to help construct and maintain their internal COSO structure.

Incorrect Answers:
B: It is not the main purpose of COSO to define a sound risk management approach within financial
companies.
C: It is not the main purpose of COSO to address corporate culture and policy development.
D: COSO is not a risk management system used for the protection of federal systems.

References:
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 59