COSO (1992) is the most prominent framework covering the totality of the organization and identifies the key areas that require attention to ensure an effective control environment. In their comparison of internal control frameworks, Pfister (2009) reported that both SAC and COSO frameworks are similar in the areas of internal control objective and management’s responsibility for the control system. SAC’s primary focus, however, is on information with a view to earning for the organization the much needed competitive advantage. CoCo examines internal control from the perspective of the individual and considers what must have to be so that the individual can effectively perform control activities. The Basel Framework (1998) has everything as in COSO except that it is especially formulated for banking institutions, whereas COSO can be applied by any type of enterprise. According to Pfister (2009), both COSO and Basel frameworks described internal control as a process that recognizes operational, financial, and compliance risks, and as an integral part of the organization. On its part, IFAC (2006) stated that COBIT complements COSO and Basel only in the area of information technology, not business as a whole. The Turnbull Report, which builds on, COSO, and CoCo restated the importance of internal control and risk management to the achievement of corporate objectives.
Pfister (2009) emphasized that the primary purpose of these frameworks was to support practice by creating common-user principles for business practitioners. This will be achieved through the definitions that the frameworks have offered for the important elements of internal control, as well as their interrelationships, and quality evaluations (COSO, 1992). Thus, for other users including researchers, these frameworks not only constitute ready-made tools for their research, they provide the necessary overview of internal control and other basic details required for research studies related to this subject (Pfister, 2009). More critically important is that they explain the importance of internal control to firm performance, hence to the achievement of organizational objectives. On the whole, the appropriate framework to use depends on the characteristics of the firm or industry under consideration (Jokipii, 2010). In the present circumstance, the Basel Frameworks (1998, 2011), which also address the same three objectives as COSO, will be applied to this study with appropriate references to COBIT.