Barrington's executive management members are questioning how AIS should be evaluated. They are aware of the internal controls required by the Sarbanes-Oxley Act and are asking whether other evaluation criteria should be considered. You are aware of the COSO enterprise risk management (ERM) framework, which expands on the internal controls required by the Sarbanes-Oxley Act, and want to advise management of this framework.
In a memo to Barrington’s management, discuss:
The COSO ERM framework.
How it includes and expands on the internal controls required by the Sarbanes-Oxley Act.
The differences between the Internal Control-Integrated Framework and the COSO ERM framework.