Chapter 13: Frameworks and Standards

Introduction to Internal IT Controls, Frameworks, and Standards

In the 1970s, concern over the rise in corporate bankruptcies and financial collapses heightened the demand for more accountability and transparency among publicly held companies. The Foreign Corrupt Practices Act of 1977 (FCPA) criminalized bribery in foreign countries and was the first regulation that required companies to implement internal control programs to keep extensive records of transactions for disclosure purposes.

When the savings and loan industry collapsed in the mid-1980s, there was a cry for governmental oversight of accounting standards and the auditing profession. In an effort to deter governmental intervention, an independent private-sector initiative, later called COSO, was launched in 1985 to assess how best to improve the quality of financial reporting. COSO formalized the concepts of internal control and framework in 1992 when it issued the landmark publication Internal Control-Integrated Framework.

Since that time, other professional associations have continued to develop additional frameworks and standards to provide guidance and best practices to their constituents and the IT community at large. The following sections will highlight COSO and some of the other most prominent IT frameworks and standards in use today.

IT Auditing. Using Controls to Protect Information Assets
Year: 2004