AUCKLAND · FACULTY OF ACCOUNTING

BUSACT702 · Accounting Information Systems

- one subject, every graph, every model, every mark
Accounting14 Chapters10-page Bible
Our own words - no uploaded lecturer files
Updated for this semester
Chapter 9 of 11 · BUSACT 702

Systems Development & Risk Frameworks: COSO & COBIT

This chapter of University of Auckland BUSACT 702 steps up to how systems are built and governed: the systems development life cycle (SDLC), the COSO internal-control framework and COBIT for IT governance. COSO and COBIT are standard, public frameworks and are taught here at the standard level — the exact depth and any prescribed detail for your quarter are set on Canvas, so confirm the coverage there rather than assuming a particular level of detail.

In this chapter

What this chapter covers

  • 01The systems development life cycle (SDLC): the phased approach to building or acquiring an information system (broadly: planning/analysis -> design -> build -> implement -> operate and maintain)
  • 02Why the SDLC matters for accountants: controls and documentation must be designed in, not bolted on after
  • 03COSO as an internal-control framework: a structured way to think about the components of internal control across an organisation
  • 04The standard COSO components (control environment, risk assessment, control activities, information & communication, monitoring activities) — confirm the exact treatment on Canvas
  • 05COBIT as an IT-governance framework: aligning IT with business objectives, with governance separated from management
  • 06How the frameworks relate: COSO frames internal control broadly; COBIT focuses on governing and managing enterprise IT
  • 07Caveat: the available course materials name these as examinable topics but do not fix a depth — treat detail as standard-level and confirm coverage on Canvas
Worked example · free

Placing a control in the COSO framework

Q [3 marks]. A company introduces (a) a written code of conduct and a tone-from-the-top ethics policy, (b) a formal process to identify and assess the risks to its financial reporting, and (c) monthly management review of exception reports. Using the standard COSO internal-control framework, name the component each best fits. (Confirm the exact framework treatment used in your quarter on Canvas.)
  • +1(a) A code of conduct and tone-from-the-top set the organisation's integrity and ethical values and its control culture — the Control Environment component (the foundation the others rest on).
  • +1(b) A formal process to identify and assess risks to reporting objectives is the Risk Assessment component — deciding what could go wrong and how significant it is.
  • +1(c) Ongoing monthly review of exception reports is a Monitoring Activity — evaluating whether controls are present and functioning over time. (A specific control such as an authorisation would instead be a Control Activity.)
(a) Control Environment, (b) Risk Assessment, (c) Monitoring Activities. These are three of the standard COSO components; Control Activities and Information & Communication are the other two. Confirm the exact framework and depth on Canvas.
Sia tip — Keep the two frameworks in their lanes: COSO = internal control across the whole organisation; COBIT = governing and managing IT specifically. Because the available materials don't fix a depth, learn the standard structure and confirm the assessed detail on Canvas rather than memorising a version that may not match.
Glossary

Key terms

Systems development life cycle (SDLC)
The phased approach to developing or acquiring an information system — broadly planning/analysis, design, build, implementation, and operation/maintenance — during which controls and documentation should be designed in.
COSO framework
A widely used framework for designing and evaluating internal control across an organisation, structured into standard components. In this course, learn it at the standard level and confirm the assessed depth on Canvas.
Control environment
The COSO foundation component — the organisation's integrity, ethical values, governance and tone from the top that underpin all other controls.
Risk assessment
The COSO component covering the identification and analysis of risks to the entity's objectives, informing which controls are needed.
Monitoring activities
The COSO component covering ongoing and separate evaluations that check whether controls are present and functioning over time.
COBIT
A framework for the governance and management of enterprise IT, aligning IT activities with business objectives and distinguishing governance from management.
FAQ

Systems Development & Risk Frameworks: COSO & COBIT FAQ

What is the SDLC and why do accountants study it?

It is the phased life cycle for building or acquiring a system. Accountants care because controls and documentation must be designed in during development, not retrofitted — a system built without them is expensive to control later.

What is the difference between COSO and COBIT?

COSO is a framework for internal control across the whole organisation; COBIT is a framework for governing and managing IT specifically, aligning it with business goals. They complement rather than compete.

How much COSO/COBIT detail do I need for BUSACT702?

Learn them at the standard level — the COSO components and what COBIT is for. The course materials name these as examinable topics but the exact depth for your quarter is set on Canvas, so confirm the required detail there rather than over- or under-preparing.

Can Sia explain the COSO components to me?

Yes — Sia can walk through the standard COSO components and COBIT's purpose and quiz you on placing a control in the right component. Treat it as a study aid and confirm the assessed framework detail against your course outline on Canvas.

Study strategy

Exam move

Because the available materials name COSO and COBIT without fixing a depth, learn the standard structure — the COSO components and COBIT's IT-governance purpose — and the SDLC phases, then confirm the exact coverage on Canvas so you match your quarter's treatment. Practise placing example controls into the right COSO component, and be able to say in one line how COSO (organisation-wide internal control) differs from COBIT (IT governance). Don't fabricate detail beyond the standard framework; where you're unsure, note 'confirm on Canvas'.

Working through Systems Development & Risk Frameworks: COSO & COBIT in BUSACT 702? Sia is AskSia’s AI Accounting tutor — ask any BUSACT 702 Systems Development & Risk Frameworks: COSO & COBIT question and get a clear, step-by-step explanation grounded in how BUSACT 702 is taught and assessed. Read this chapter free, then take your hardest questions to Sia.

A+Everything unlocked
Unlocks this Bible + your other AUCKLAND subjects - and 1,000+ Bibles across every Australian university.
Sia - your BUSACT702 tutor, unlimited, worked the way the exam marks it
The full 10-page Bible + practice bank with worked solutions
Chrome extension - sync your LMS so Sia knows your deadlines
Bilingual EN / Chinese on every Bible and every Sia answer
$25/ month
30-day money-back · cancel in one tap · how it works
BUSACT702 · Accounting Information Systems - independent study guide on the AskSia Library. More AUCKLAND subjects · Microeconomics across all universities
Unlock the full BUSACT702 Bible + your other AUCKLAND subjects解锁完整 BUSACT702 Bible + AUCKLAND 全部科目
$25/mo