Control Objectives for Information and related Technology (COBIT) is the standard most auditors use to determine if internal controls are in place, active and documented for your IT systems and processes. But if COBIT standards are applied without a sufficient baseline and a modicum of common sense, many enterprises find that they have hundreds of discrepancies to address. Not only does that diminish that value of COBIT as an effective standard, it brings IT to a standstill while addressing the audit findings. If your firm’s auditor have used a contol standard other than COBIT to assess internal controls, what have they used? In addition to Financial Best Practices, was your standard also based upon IT Best Practices? How was that determined and by whom?

—–