Resources

LINKS

CU Partners

Office of General Counsel http://ogc.columbia.edu/

Office of Research Compliance and Training http://www.columbia.edu/cu/compliance/

Office for Billing Compliance http://www.cumc.columbia.edu/dept/compliance/

 

Columbia University Reference Materials

Administrative Policy Library http://policylibrary.columbia.edu/

Compliance Policies http://www.compliance.columbia.edu/policies.html

Physician & Surgeon Policies http://ps.columbia.edu/insideps/?page_id=843

 

External Reference Materials

COBIT Excerpt Framework for IT Governance and Control

COSO

 

Government Documents

Office of Management and Budget Circular A-21, Cost Principles for Educational Institutions

Office of Management and Budget Circular A-110, Grants and Agreements with Institutions of Higher Education, Hospitals, and Other Non-Profit Organizations

Office of Management and Budget Circular A-133, Audits of Institutions of Higher Education and Other Non-Profit Institutions

 

What is COSO and COBIT?

COSO

The Committee of Sponsoring Organization (COSO) of the Treadway Commission is a private sector commission established in 1985 by five financial professional associations.

COSO studied reasons that led to fraudulent financial reporting and developed recommendations for public, private and government entities. 

COSO Pyramid shows the correlation between internal control components.

COSO Cube shows the relationship between units, activity and objectives.

COSO Pyramid and Cube

 

Computing Objectives for IT (COBIT) was developed by the Information Systems Audit and Control Association (ISACA).  COBIT defines IT best practices and controls that should be implemented in organizations that use Information Technology to run their operations. 

The objectives are organized into four main areas:

1. Plan and Organize

– IT Strategy and Planning Functions

2. Acquire and Implement

– Procurement and Development

3. Deliver and Support

– Operations and Help Desk

4. Monitor and Evaluate

– Ensure Performance and Safeguarding