What is COSO and COBIT?


The Committee of Sponsoring Organizations (COSO) of the Treadway Commission is a private sector commission established in 1985 by five financial professional associations.

COSO studied the reasons that led to fraudulent financial reporting and developed recommendations for public, private and government entities.

The COSO Pyramid shows the correlation between internal control components.

The COSO Cube shows the relationship between units, activity and objectives.

COSO Pyramid and Cube


Computing Objectives for IT (COBIT) was developed by the Information Systems Audit and Control Association (ISACA). COBIT defines IT best practices and controls that should be implemented in organizations that use information technology to run their operations.

The objectives are organized into four main areas:

1. Plan and Organize

– IT Strategy and Planning Functions

2. Acquire and Implement

– Procurement and Development

3. Deliver and Support

– Operations and Help Desk

4. Monitor and Evaluate

– Ensure Performance and Safeguarding