Updated framework could aid IT compliance



Nick Huber
An updated methodology for assessing business risk could help IT departments organise their regulatory compliance projects, according to Forrester Research.

The Committee of Sponsoring Organisations (Coso), a US not-for-profit organisation comprising the country's main accountancy institutes, has published a detailed guide to help companies improve the quality of their financial reporting and comply with legislation such as the US Sarbanes-Oxley Act.

Produced in conjunction with professional services firm PricewaterhouseCoopers, the guide defines the risks faced by businesses and how to deal with them.

It covers strategy, day-to-day running of operations, reliability of reporting and how to comply with laws and regulations. It also explains the roles employees can take to develop a common approach to managing risk and complying with legislation.

The Coso method for risk assessment is the approach most companies are using to comply with the Sarbanes-Oxley Act and has been recommended by US financial market regulator the SEC.

"Risk management in organisations is fragmented and lacks visibility and oversight," said Forrester analysts Michael Rasmussen and Adam Brown in a report on the Coso guide.

"This fragmented approach leads to duplication efforts and technologies trapped in the silos resulting in islands of information. The Coso ERM framework provides the structured guidance that organisations are currently looking for to accomplish this."

