8.7 What is the relationship between COSO, COBIT, and the AICPA’s Trust Services frameworks? COSO is a broad framework that describes the various components of internal control. It does not, however, provide any details about IT controls.
COBIT is a framework for IT governance and control.
The AICPA’s Trust Services framework is narrower in scope than COBIT, focusing only on those IT controls (security, confidentiality, privacy, processing integrity, and availability) that relate directly to systems reliability.