'Corporate Compliance: Pulling It All Together (Part 2)'
Fujitsu Consulting director writes follow-up article on U.S. Sarbanes-Oxley Act for CIO.com
by Thomas A. Cronin
Excerpted from CIO.com – February 19, 2004
In my previous article, I focused on Sarbanes-Oxley (SOX) as an example of how to apply a flexible framework that can easily be adapted to meet other government compliance requirements, such as Basel II and the USA Patriot Act.
In this article I will clarify in more detail how the framework facilitates Control Point monitoring and management, as well as other key success factors to consider.
What is a "Control Point"?
To understand how the framework facilitates Control Point monitoring and management, it's important to define what we mean by "Control Points." SOX defines two types of controls: internal controls and disclosure controls.
An internal control is defined by the Committee of Sponsoring Organizations (COSO) as a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the categories of:
1. Effectiveness and efficiency of operations
2. Reliability of financial reporting
3. Compliance with applicable laws and regulations.
