
Committee of Sponsoring Organizations (COSO)

COSO defined an internal control framework to improve systems and to promote
efficiency and effectiveness in the operations of an organization.
Internal controls are broadly divided into two categories:
1. Physical Control Activity
2. IT Control Activity

Information System Controls


These controls aim to set procedures for IT-related activities. Today, organizations store
their data in large software systems, which make the data easier to handle and provide
useful reports, but there are many threats associated with IT that require control procedures.
COSO divides information system controls into two categories:
1. General Controls

General controls are those controls that apply to the whole computer environment.
They are established to ensure that all data files are safe and secure and that
all application and program files are well implemented.
For example, data should be restored/backed up on some storage device at frequent
intervals. This is required for business continuity and supports disaster management.

2. Application Controls
Application controls ensure the validity, completeness and accuracy of a specific
application or transaction. They focus on the risks associated with a specific
application and set controls to mitigate those risks.
For example, there should be one payment against one invoice, and it should be
recorded properly under the vendor ledger.
Fixed assets purchased during the year should be recorded under the respective head and
should be supported by a source/base document, i.e. the purchase bill. A verification
check is required.

Conclusion
These controls emphasize achieving the integrity and authenticity of data. They focus on
continuity of operations without the systems being hacked.
