This article provides an overview and summary of the COBIT 5 process System of Internal Control, which is part of the Management – Monitor (Monitor, Evaluate, Assess) domain.

The purpose of this COBIT 5 process is to continuously monitor and evaluate the control environment, including self-assessments and independent reviews. This is to enable management to identify control deficiencies and implement improvement plans. The goal is to obtain transparency for key stakeholders on the adequacy of the internal controls providing confidence in IT to meet the required goals and objectives.

The following sub-governance processes are further supported by a list of control activities:

  1. Monitor internal controls. Regularly monitor and improve the IT control environment and control framework.
  2. Review organisation process controls effectiveness. Review the operation of controls, including a review of monitoring and test evidence, to ensure that controls within organisation processes operate effectively.
  3. Perform control self-assessments. Ensure management and process owners drive control improvement through self-assessments.
  4. Identify and report control deficiencies. Identify control deficiencies and their underlying root causes.
  5. Ensure that assurance providers are independent and qualified. Ensure that the providers performing assurance are independent.
  6. Plan assurance initiatives. Plan assurance initiatives based on organisation objectives and strategic priorities.
  7. Scope assurance initiatives. Define and agree with management on the scope of the assurance initiative.
  8. Execute assurance initiatives. Execute the planned assurance initiative and report on findings.

For more information please contact Morland-Austin at