Book excerpt: Many IT professionals who are held accountable for the quality and integrity of information generated by their IT systems are not well versed in the intricacies of internal control, which is critically essential. Although risk may be managed by IT, the risk management process may not be formalized or structured in a way required by an organization's management or auditors. This is true for organizations worldwide. The authors clearly explain the current focus on enhancing corporate accountability, understanding the audit committee's responsibility, adopting an internal control framework (COSO), considering fraud in an audit or review of internal control, implementing IT controls and a compatible IT governance framework (COBIT), and seizing the opportunity of turning compliance into a competitive advantage. The document provides assessment ideas and approaches, IT control objectives mapped to COSO for disclosure and financial reporting purposes, and a road map to address the murkiness of these regulatory times. Call +1.847.253.1545 ext. 401, visit www.isaca.org/bookstore or e-mail [email protected] for more information.