INTERNATIONAL JOURNAL OF ECONOMICS AND FINANCE STUDIES

Vol: 15 No: 02 Year: 2023 ISSN: 1309-8055 (Online) (pp. 40-58) Doi: 10.34109/ijefs. 202315203
Received: 21.10.2023 | Accepted: 12.03.2023 | Published Online: 01.04.2023

-RESEARCH ARTICLE-

INTEGRATION BETWEEN COBIT AND COSO FOR INTERNAL CONTROL

AND ITS REFLECTION ON AUDITING RISK WITH CORPORATE
GOVERNANCE AS THE MEDIATING VARIABLE

Zeina Khdier Abass

Department of Accounting, College of Administration
and Economics, Mustansiriyah University, Iraq
Email: [email protected]
https://orcid.org/0000-0002-5636-5047

Thamer Kadhim Al-Abedi

Department of Accounting, College of Administration
and Economics, Mustansiriyah University, Iraq
Email: [email protected]
https://orcid.org/0000-0002-6903-7528

Hakeem Hammood Flayyih

Department of Financial and Banking Sciences, College
of Administration and Economics, University
of Baghdad, Iraq
Email: [email protected]
https://orcid.org/0000-0003-0615-0854

─Abstract─
The objective of the study was to assess the influence of the integration of information
technology governance under the Control Objectives for Information and Related
Technologies (COBIT) framework and internal control frameworks under the
Committee of Sponsoring Organisations (COSO) framework on corporate governance
(CG) and audit risk (AR). The study variables were measured with instruments created
by previous authors. Thirty Iraqi banks listed on the Iraq Stock Exchange were chosen
for 2019 through 2022. The study's findings support those of previous research. The
Citation (APA): Abass, Z. K., Al-Abedi, T. K., Flayyih, H. H. (2023). Integration Between Cobit and Coso for
Internal Control and Its Reflection on Auditing Risk with Corporate Governance as The Mediating Variable.
International Journal of Economics and Finance Studies, 15 (02), 40-58. doi:10.34111/ijefs. 202315203

40
 INTERNATIONAL JOURNAL OF ECONOMICS AND FINANCE STUDIES
Vol: 15 No: 02 Year: 2023 ISSN: 1309-8055 (Online) (pp. 40-58) Doi: 10.34109/ijefs. 202315203

study found that COBIT has actively contributed to supporting various banking activities
and augmenting their efficacy through electronic devices and the prompt delivery of
services. Integration of COBIT and COSO had a significant and positive effect on
governance and audit readiness. The findings of this study demonstrate the significance
of regulatory frameworks in enhancing banking performance.
Keywords: COSO, COBIT, corporate governance, audit risk

1. INTRODUCTION
It has been observed that irresponsible risk-taking and culture have emerged as
significant concerns with the rise of corporate governance issues, and this has ensured
that the organization's directors are not the final link in the chain of information (Yeoh,
2019). In addition, Abdulhussein et al. (2023) found that in recent years, as a result of
an increase in business scandals and organizational complexities, the scope of internal
auditing has been expanded, and it is essential for this as it contributes to corporate
governance and enterprise risk management in an organization. In addition, the global
financial crisis has exacerbated economic issues for enterprises worldwide (Al-Taee &
Flayyih, 2023). It also demonstrates that improper and inadequate risk management can
affect any jurisdiction or industry (Oakman et al., 2020). All businesses must create a
policy with a comprehensive understanding of risk and develop an appropriate set of
operating processes necessary to react and respond to shifting situations and
circumstances promptly.
The audit literature (Nikolovski et al., 2016) has identified three risks that auditors
confront. Errors and omissions in extremely complex transactions documented using
judgment or guesswork are the primary source of inherent risk. Control deficiencies
within the organization do not affect this audit risk (AR). Financial statement
misrepresentation due to variables other than control defects poses an inherent risk
(Taylor, 2000). Control AR refers to the probability of financial statement inaccuracies
due to a lack of relevant controls or the failing of internal controls within an organization.
The risk is high in situations with insufficient controls to detect or prevent fraudulent
activity or errors (Bentley-Goode et al., 2017). According to Balfe et al. (2023),
detection risk arises when auditors cannot detect or fail to identify misstatements in
financial statements due to errors or illicit activities. This can occur when the auditing
firm's procedures are insufficient to detect material misstatements resulting from fraud
or error in the financial statements. Typically, either sampling or non-sampling errors
are responsible for detection risk.
Since implementing the framework by the Committee of Sponsoring Organizations
(COSO) in 1992, the internal auditing function has endured significant changes. In
contrast to traditional theories that focused solely on financial controls, the COSO
framework offered a comprehensive approach that included hard and soft controls, such
as employee competence and professionalism (Abdulakareem & Mohammed, 2020). By
41
 INTERNATIONAL JOURNAL OF ECONOMICS AND FINANCE STUDIES
Vol: 15 No: 02 Year: 2023 ISSN: 1309-8055 (Online) (pp. 40-58) Doi: 10.34109/ijefs. 202315203

employing this alternative methodology, internal auditors can identify fundamental

systemic causes, prevent the attribution of blame, and identify viable solutions. Auditors
must comprehend COSO, evaluate the strengths and weaknesses of controls, define
significant issues and reportable conditions, verify testimonial evidence, conclude with
a final assessment, and identify corrective actions (Simmons, 1997).
According to Roussy et al. (2020), an effective internal control system necessitates a
thorough comprehension and accurate identification of the various control dimensions
and their significance in achieving the organization's objectives. According to Felo et al.
(2023), the "tone at the top" is a COSO framework's control environment component.
This is an integrated control framework that conceptualizes an effective internal control
system. COSO serves as a foundational basis for the improvement of mutual
understanding between the relevant stakeholders of the business because it provides
them with a common language that facilitates effective communication and flow of
information; consequently, it aids the business in efficiently achieving its goals
(Bozoklar et al., 2020).
According to Cereola et al. (2011), internal control frameworks are the basis for
comprehending and evaluating the effectiveness of organizational controls. Therefore,
introducing the COSO of the Treadway Commission's internal control framework in
1992 was an important occasion for the internal auditing community. The COSO
framework provided a comprehensive approach to internal control evaluation and
administration, enabling auditors to make informed judgments about the effectiveness
of internal controls. Implementing the COSO internal control framework 1992 provided
management with a unified method for assessing internal control systems, incorporating
five distinct control components. (Janvrin et al., 2012; Martin et al., 2014). These
components include the control environment, risk assessment, control activities,
information and communication, and monitoring. The introduction of the COSO internal
control framework represented the first significant effort to formalize the definition of
internal control and establish a measurement standard for it. The passage of the
Sarbanes-Oxley Act (SOX), specifically section 404, a decade later further emphasized
the importance of internal control. The law required organizations to establish and
maintain internal controls for financial reporting, and managers and external auditors
were required to evaluate and report on the effectiveness of internal control. According
to D'Aquila (2013), this legislation is a significant step toward improving the quality and
reliability of financial reporting in organizations. Since the implementation of the
Sarbanes-Oxley Act (SOX) of 2002, public accounting firms and publicly traded
corporations have placed a substantial emphasis on internal controls (Talab et al., 2023).
Consequently, accounting graduates may be responsible for evaluating, documenting,
and potentially verifying the adequacy of an organization's internal control framework.
Internal Control-Integrated Framework by the Committee of Sponsoring Organizations
COSO, 1992 is the most frequently used tool (Savage et al., 2008). The COSO concept

42
 INTERNATIONAL JOURNAL OF ECONOMICS AND FINANCE STUDIES
Vol: 15 No: 02 Year: 2023 ISSN: 1309-8055 (Online) (pp. 40-58) Doi: 10.34109/ijefs. 202315203

emphasizes that auditors must comprehend and implement the internal control
framework to aid management in carrying out its responsibilities.
According to (Aksoy et al., 2020), the internal control of COSO is a comprehensive
process that has been effected by an entity of the company's management, board of
directors, and other authorized personnel, in the achievement of a specific objective such
as bringing efficiency and effectiveness to the organization's operations, enhancing the
reliability of the firm's financial operations, and improving financial reporting. COSO is
compliant with all applicable laws and regulations. In addition, Rae et al. (2017) outlined
five interdependent COSO components. The Control environment, which is the
environment in which COSO operates, is the first component. It comprises "the
philosophy and operating style of management," "the structure of the organization,"
"authorities and responsibilities," and "human resource policies and practices" (Rae et
al., 2017). The second component is risk assessment, which addresses several
compliance, operational, and financial organizational objectives, identifies the primary
success factors, analyzes and identifies risk, and effectively manages change (Rae et al.,
2017). The third element consists of control activities. The control activities emphasize
all the activities that aid in identifying the directives of the company's management as
crucial to addressing potential hazards. COSO has paid attention to the various
categories of control measures and the integration and indicators of risk assessments
(Rae et al., 2017). Information and communication is the fourth component; it is one of
the most important components because it entails communicating external and internal
information and capturing and identifying information for attaining the organization's
objectives (Rae et al., 2017). Monitoring represents the fifth and final element. The
process evaluates the internal control system and performance quality over a specified
period using distinct evaluations and ongoing activities. (Rae et al., 2017) Monitoring
aspects include the objective of leading corrective measures and actions, the reporting
of deficiencies, the plan of action, the documentation of the involved controls and
systems, the applied methodologies, the evaluation process, and, lastly, the designation
of the evaluator.
In this context, Rae et al. (2017) analyzed a correlation between the five components of
the COSO framework to determine their effect on corporate governance. The research
reveals a direct correlation between communication and information and the control
environment. Contact and information also directly and significantly relate to control
activity procedures, policy, and risk assessment. Rae et al. (2017) propose that an
organization's control activity procedures and policies must be monitored and evaluated
to ensure their continued relevance and conformance. In addition, the principal
alternative to structural equation modeling facilitates the connection between
information and communication, risk assessment, and the control environment. In
addition, structural equation modeling supports the notion of an inverse relationship

43
 INTERNATIONAL JOURNAL OF ECONOMICS AND FINANCE STUDIES
Vol: 15 No: 02 Year: 2023 ISSN: 1309-8055 (Online) (pp. 40-58) Doi: 10.34109/ijefs. 202315203

between communicational and informational components and monitoring. (Rae et al.,

2017).
According to COSO, internal control is a systematic process designed to provide
reasonable assurance of achieving organizational objectives, especially those relating to
the reliability of financial reporting, compliance with legal and regulatory requirements,
and the efficacy and efficiency of operations. In addition, the execution of COSO's five
internal control framework components is the responsibility of management. COSO
presents these components as a pyramid, with the control environment at the base, risk
assessment, and control activities on the next level, information and communication near
the top, and monitoring at the apex (Hubbard, 2003).
Using the COSO framework, Thabit et al. (2017) assessed the efficacy of the internal
control system in Kurdistan, northern Iraq, and businesses. The study demonstrated a
disparity between the internal control systems of companies in Kurdistan and the
requirements of the COSO framework. The research suggested that Kurdish enterprises
improve their internal control systems per international standards to implement the
COSO framework effectively. According to Hopkin (2018), risk assessment, as defined
by COSO, is the analysis and identification of risks associated with attaining the
objectives and goals of the organization by establishing a basis for how they could
manage the risk.
Adopting information technology (IT) is crucial to achieving a competitive advantage
in strategic management. Numerous businesses have allocated substantial resources to
IT investments, believing that these investments will improve company performance and
productivity. The banking industry prioritizes incorporating IT to enhance its
performance, especially in facilitating financial services as an intermediary. (Muawanah,
2020) Researchers have shown considerable interest in examining the critical role of IT
in enhancing organizational performance. IT governance (ITG) is the organizational
process of ensuring that the investment in IT enables the achievement of strategic and
tactical objectives.
ITG is also a component of corporate governance (CG) that focuses on the function that
IT plays within an organization. There are numerous significant aspects of ITG, with the
design of decision-making authority and organizational structure being the most
important. Debreceny (2013) discussed various aspects of ITG, including the function
of governing bodies such as the board of directors in supervising and directing IT. The
author emphasized the significance of designing ITG's decision rights and organizational
structures and posed questions about the roles and responsibilities undertaken by the
governing body versus senior and operational management. In addition, the article
discusses how IT should be structured within an organization and whether it should be
distributed predominantly to operational or administrative units.

44
 INTERNATIONAL JOURNAL OF ECONOMICS AND FINANCE STUDIES
Vol: 15 No: 02 Year: 2023 ISSN: 1309-8055 (Online) (pp. 40-58) Doi: 10.34109/ijefs. 202315203

2. LITERATURE REVIEW
The auditing literature review centered on internal control and the failings observed over
years of practical experience with corporate failures, accounting, and auditing. These
disasters have emphasized the need for a more comprehensive view of control systems.
In the past, evaluating the efficacy of an economic unit's control systems in detecting
and preventing errors and fraud in financial statements lacked frameworks and
standards. This circumstance necessitated a broader understanding of control systems.
However, the COSO framework has filled this void by providing a set of standards for
evaluating the efficacy of internal control. This framework permits an estimated
evaluation of the control system efficacy of an economic unit. The COSO integrated
framework for internal control is the only standard currently used in the United States to
evaluate the effectiveness of internal control systems in financial reporting (Mohammed
et al., 2021). Several authors have discussed the COSO conceptual framework in
previous literature and found it provides guidance and clarity (Rashid et al., 2021).
Separately and collectively, the components of the COSO framework have been the
subject of extensive research.
In addition, some researchers have discovered a correlation between control activities
and monitoring. However, very little research has been found that employs rigorous
statistical analysis to examine all five components of the COSO framework. According
to Braim et al. (2023), the COSO framework illustrates the organization-wide
application of an internal control system.
Rubino et al. (2014a)'s research objective was to demonstrate how ITG facilitates the
enterprise risk management process. The study describes how the incorporation and
support of the COSO for Enterprise Risk Management (COSO ERM) framework by the
COBIT framework enables a company to accomplish its goals. The study's findings
disclosed inconsistencies in the COSO ERM and demonstrated how the COBIT
framework could aid in developing an effective internal control system. In addition,
Rubino et al. (2017) sought to determine the impact of the ITG framework COBIT on
the control environment and internal control system. They analyzed how the COBIT
framework affected the control environment and internal control system. In particular,
the study demonstrated how the structure and processes of COBIT affect the seven
categories of control environmental factors. The findings indicated that implementing
the COBIT framework provides managers and auditors with valuable guidance for
implementing or evaluating internal control systems.
Seven factors of the control environment component of the COSO have been identified
by Lamboglia et al. (2021) through a research study. This component provides the
foundation for the remaining four framework components. The main components
provide communication and information flow with moral guidance. For example, human
resource practices and policies follow an organization's behavioral guidelines and code

45
 INTERNATIONAL JOURNAL OF ECONOMICS AND FINANCE STUDIES
Vol: 15 No: 02 Year: 2023 ISSN: 1309-8055 (Online) (pp. 40-58) Doi: 10.34109/ijefs. 202315203

of conduct (Al-Swidi et al., 2021). Consequently, the environment of control may also
be viewed as an ethical conduct and environment. Rae et al. (2017) investigated the
connections between the COSO framework's components and their influence on the
monitoring function of organizations. The study concentrates on the five components of
an effective internal control system, as defined by the COSO framework 1992, which
have been recognized as crucial to ensuring the quality of CG. The findings suggest that
organizations can improve their CG practices by better comprehending the
interrelationships between COSO components, thereby achieving their operational,
financial reporting, and compliance objectives. Ettish et al. (2017) analyzed and
proposed methods for integrating multiple internal control frameworks to accomplish
effective corporate ITG. According to the current IT security and governance literature,
singular or multiple non-integrated frameworks are ineffective. In light of this, the study
employs a deductive methodology, draws on existing literature, and concentrates on
three well-known internal control frameworks (ERM, COSO, and COBIT5) to propose
an integrated framework that could aid organizations in achieving ITG more effectively
and efficiently.
An integrated framework is a system that links significant control objectives to strategic
business goals, taking ITG principles into account at both the strategic and operational
levels. This framework ensures that IT and business management share a common
understanding of the essential risk areas representing the organization's objectives. The
research indicates that implementing an integrated framework can eliminate redundant
controls and processes, enhancing ITG. The congruence of the framework with the
organization's objectives is crucial to achieving this result. The authors suggested that
businesses interested in improving their ITG adopt the proposed integrated framework
(Rubino et al., 2014b).
According to (Ha, 2019), after the most recent global financial crisis, Europe and the
United States were confronted with numerous bankruptcies, corporate controversies, and
significant evidence of inadequate audit, accounting, and risk management systems. In
addition, the study suggests that corporate governance is a requirement for stock
markets. In this regard, Manita et al. (2020) conducted a study that concluded that using
advanced technology and digitalization has enhanced the quality of auditing, the overall
audit system, and its role in the corporate governance mechanism. With the aid of big
data, auditing can now transition from a sampling method to a global analysis. Manita
et al. (2020) have also recommended that auditors concentrate on data analysis rather
than data collection. This study's findings indicate that advanced technologies have aided
auditors in conducting efficient and timely audits, and the researcher suggests revising
the traditional auditing methods and standards.
Muawanah (2020) analyzed the effect of CG on the efficacy of IT adoption in business
performance. The study measured IT adoption using two indicators: organizational
expenditures on IT and the level of IT administration within the organization. According
46
 INTERNATIONAL JOURNAL OF ECONOMICS AND FINANCE STUDIES
Vol: 15 No: 02 Year: 2023 ISSN: 1309-8055 (Online) (pp. 40-58) Doi: 10.34109/ijefs. 202315203

to the findings, a company's performance can be enhanced by implementing better CG

practices, which include IT guidance and supervision. Almaqtari et al. (2023) assessed
the role of ITG as an intermediary between CG mechanisms and business continuity, as
well as transparency and disclosure, during the COVID-19 pandemic in Jordan. Without
the mediating effect of ITG during the pandemic, the impact of CG mechanisms on
business continuity, transparency, and disclosure is diminished.
Dat et al. (2020) analyzed the impact of corporate governance in the information and
technology industry within the context of China in a related study. According to this
study, all relevant stakeholders, including shareholders, employees, supervisors, and
directors, should fulfill their roles and responsibilities to improve corporate governance.
Moreover, Al-Gamrh et al. (2018) discovered a positive relationship between corporate
governance and accounting performance. This study's findings also indicate that
corporate governance negatively affects an organization's economic performance. In
normal times, corporate governance can mitigate the negative effects of risk and
leverage on an organization's financial and accounting performance, according to the
authors. In this regard, Dina et al. (2020) have identified an active need for proactive
corporate governance in a business, especially for enhancing financial performance. In
this study, the researcher has utilized a meta-analysis to reconcile the research findings
and implement alternative theoretical approaches that go beyond the agency theory when
considering the development of a convergence agenda for corporate governance.
The most comprehensive component of the CG structure, CG is a beneficial starting
point. It involves the board of directors delegating, directing, and supervising
management to attain the organization's objectives. In contrast, AR, closely related to
CG, is the process by which management identifies and addresses uncertainties
(including risks and opportunities) that could impact the organization's ability to achieve
its goals. Control is an essential aspect of AR and entails the administration's actions to
reduce risks to an acceptable level. All three processes are geared toward achieving the
organization's goals. The board of directors is responsible for conducting the CG
process, whereas the administration is responsible for conducting the AR and control
processes. Board and administration support is required to implement CG, AR, and
control processes effectively. Organizations cannot achieve sustained success in
attaining their goals without effective AR, control, and CG processes. Therefore, the
board of directors and administration rely on one another to successfully implement CG,
AR, and control processes.
According to Amali et al. (2020), the information and technology sector has advanced
significantly in the current competitive era, and advanced technology has significantly
shaped and reshaped enterprises. Organizations are presently advancing in developing
and exploiting technology to advance good corporate governance, also known as IT
governance. The lack of resources and exhaustive requirements for using and analyzing
it can hinder the development of corporate governance and the achievement of
47
 INTERNATIONAL JOURNAL OF ECONOMICS AND FINANCE STUDIES
Vol: 15 No: 02 Year: 2023 ISSN: 1309-8055 (Online) (pp. 40-58) Doi: 10.34109/ijefs. 202315203

organizational objectives. In this regard, Amali et al. (2020) have utilized a combat
model for assessing and identifying the majority level after IT firms and the industry
have provided their services. The study has focused on the IT industry's support service
and delivery sector. In this study, the researcher acquired research data through
documentation observation and a survey questionnaire, and the study results indicate
that Level 3 is the predominant service level in the IT service industry. The COBIT
Framework is extensively used to evaluate the service level of Information and
technology organizations and industries. According to research conducted by Amali et
al. (2020) and Wagire et al. (2021), determining the maturity level of an IT organization
serves as a benchmark and aids in expanding and enhancing its services. Recent updates
were made to the COBIT framework in 2019. This updated model yields effective results
promptly. It also modifies the model's content and structure by introducing numerous
new features and updating the existing ones, such as the design factors that enable
dealing with the governance system and promoting better corporate governance;
numerous other features have also been introduced and updated (Steuperaert, 2019).
The auditing literature review has focused on internal control and the failures over
several decades in various areas, including company and accounting and auditing
failures. These failures have demonstrated the need for a deeper comprehension of
control systems. After decades of practical experience with failures in these areas, the
auditing literature has identified the absence of frameworks or standards for evaluating
the effectiveness of economic units in monitoring risks associated with financial
statement errors and preventing fraud as a crucial issue. The COSO framework addresses
the failures related to internal control systems by providing a set of standards for
evaluating the efficacy of internal control. In the United States, the integrated framework
of the Committee of Sponsoring Organizations (COSO) is the sole standard for assessing
Internal Control over Financial Reporting (ICFR). The researcher has therefore
formulated ten research hypotheses based on a comprehensive review of the literature
concerning the observed variables of the study.
H1: COBIT has a positive effect on CG.
H2: COBIT has a positive effect on AR.
H3: CG has a positive effect on AR.
H4: The integration of COBIT has a positive effect on AR under CG.
H5: COSO has a positive effect on CG.
H6: COSO has a positive effect on AR.
H7: The integration of COSO has a positive effect on AR under CG.
H8: The integration of COBIT and COSO positively affects CG.

48
 INTERNATIONAL JOURNAL OF ECONOMICS AND FINANCE STUDIES
Vol: 15 No: 02 Year: 2023 ISSN: 1309-8055 (Online) (pp. 40-58) Doi: 10.34109/ijefs. 202315203

H9: The integration of COBIT and COSO positively affects AR.

H10: The integration of COBIT and COSO positively affects AR under CG.

3. METHODOLOGY
These sections discuss the methods utilized in the current study, the sample size, and the
observed variables. Finally, the theoretical framework or model of the research is
presented.
The COBIT provides several advantages, such as e-banking, which enables banking
transactions using electronic devices to improve efficiency, quick service delivery
promptly, simple transactions, uninterrupted information flow, detection of fraudulent
practices, prompt responses, a lower error rate, and the provision of higher-quality
services. The Iraqi banking system operates with all indicators set following Basel 3 and
Central Bank requirements. These institutions serve as intermediaries between service
providers and financial service providers. Integrating COBIT and internal control
frameworks is crucial for institutions in the era of information technology. Banks must
be adaptable regarding integrating COBIT and internal control frameworks in
accordance with their aims and objectives for providing financial services.

4. SAMPLE
Per the Central Bank of Iraq's directives, Iraqi institutions have utilized COBIT
methodologies since 2019. After excluding banks under guardianship and banks not
applying the COBIT framework from 2019 to 2022, 30 Iraqi banks listed on the Iraq
Stock Exchange were selected from a community of 44 banks. The investigation
involved four variables. The first variable is the COBIT framework, which consists of
five domains: planning and organizing, acquiring and implementing, delivering and
supporting, and monitoring and evaluating processes.
The second variable, the COSO framework, consisted of the following five activities:
environment control, risk assessment, control activities, information and
communication, and monitoring. CG, the third variable, consists of five mechanisms:
the extent of the board of directors, its independence from the Chief Executive Officer
(CEO), the independence of its members, the audit committee, and the compensation
and nominations committee. The fourth variable, AR, is defined by ISA 400 as the
product of inherent, control, and detection risks. The measurement technique for each
variable was chosen based on the typical dimensions.
Figure 1 illustrates the relationship between the study variables, as COBIT and COSO
are independent variables, and CG and AR are approved variables.

49
 INTERNATIONAL JOURNAL OF ECONOMICS AND FINANCE STUDIES
Vol: 15 No: 02 Year: 2023 ISSN: 1309-8055 (Online) (pp. 40-58) Doi: 10.34109/ijefs. 202315203

COBIT

CG AR

COSO

Figure 1. The Model of Study

5. RESULTS AND DISCUSSIONS

5.1 Correlations Relationship
The study's results illustrate the relationship between the variables or the discriminant
validity. According to the results, the heterotrait-monotrait (HTMT) ratios are high. The
results demonstrated high discriminant validity and a strong correlation between
variables. The results are presented in Table 1.
Table 1. Correlations Relationship between the Variables
Correlations COBIT COSO AR CG
COBIT Correlation 1
Sig.
COSO Correlation 0.542** 1
Sig. 0.000
AR Correlation 0.514** 0.385** 1
Sig. 0.000 0.000
CG Correlation 0.383** 0.542** 0.396** 1
Sig. 0.000 0.000 0.000

6. MEASUREMENT MODEL ASSESSMENT

6.1 The Measurement for the First Model Assessment
This section investigates the relationship between variables, both individually and within
the proposed model, to demonstrate the model's validity in quantifying the integration
of the COSO and COBIT frameworks in AR via the mediating effect of CG. Figure 2
depicts the preliminary evaluation of the measurement model. The results indicate a
positive correlation between adopting COSO in H1, H2, and H3 and AR in the Iraqi
banking sector. In addition, the study discovered that the influence of COBIT on AR
was substantially influenced by an effective GC, which also supports H4.

50
 INTERNATIONAL JOURNAL OF ECONOMICS AND FINANCE STUDIES
Vol: 15 No: 02 Year: 2023 ISSN: 1309-8055 (Online) (pp. 40-58) Doi: 10.34109/ijefs. 202315203

Figure 2. The Measurement of the First Model Assessment

6.2 The Measurement for the Second Model Assessment
The results indicated a positive correlation between COSO's compliance with H5 and
H6, and AR in the Iraqi banking sector. Additionally, the study revealed that effective
CG substantially mediated the effect of COSO on AR in both H7 and H7. Although
COBIT had a greater impact on AR (: 0.41) than COSO (: 0.23), the mediation effect of
CG was stronger in the second model (: 0.3) for the relationship between the COSO
framework and AR than in the first model (: 0.27) for the relationship between COBIT
and Mohammed et al. (2021) reached the same conclusion regarding the relationship
between CG and AR. The relationship between COBIT and CG was examined following
Premuroso et al. (2007), Ho et al. (2011), and Muawanah (2020). However, the results
contradict other investigations, including Muawanah (2020)'s. Al-Taee & Flayyih
(2023)'s findings regarding the relationship between COBIT and CG are consistent with
our own.

Figure 3. The Measurement for the Second Model Assessment

51
 INTERNATIONAL JOURNAL OF ECONOMICS AND FINANCE STUDIES
Vol: 15 No: 02 Year: 2023 ISSN: 1309-8055 (Online) (pp. 40-58) Doi: 10.34109/ijefs. 202315203

According to Holm et al. (2007), the observed relationship between CG and AR is

consistent. Their study examined the incorporation of risk and control concepts into
contemporary CG. As for the study of the relationship between the COSO framework
and CG, the current study contradicts Abdurrahman (2021), who provided contradictory
results for the relationship between internal control and CG and the company's
performance.
6.3 The Measurement for the Third Model Assessment
Before reporting the main model analysis findings, assessing the model's goodness of fit
was essential. The results of the default model's root mean square error of approximation
(RMSEA) value (0.583) indicate that it was acceptable as its value falls between 0 and
1. These results are shown in Table 2.
Table 2. The Quality Measurement for the Tested Model
Model RMSEA LO 90 HI 90 PCLOSE
Default model 0.583 0.452 0.727 0.000
Independence model 0.417 0.362 0.475 0.000

Figure 4. Structural Primary Model Assessment

Figure 4 demonstrates a positive correlation between COBIT and COSO in the Iraqi
banking industry in H8 and H9, and AR. In addition, the results showed that the COBIT,

52
 INTERNATIONAL JOURNAL OF ECONOMICS AND FINANCE STUDIES
Vol: 15 No: 02 Year: 2023 ISSN: 1309-8055 (Online) (pp. 40-58) Doi: 10.34109/ijefs. 202315203

COSO, and AR of the banking sector in Iraq are substantially mediated by the efficient
GC, which also supports COBIT in H10. Table 3 enumerates the associations.
Table 3. The Relationship between Variables
Relationships F R2 P-Value
COBIT > CG 24.3 0.38 0.000
COBIT > AR 51.06 0.51 0.000
CG > AR 26.47 0.39 0.000
COBIT > CG > AR 18.72 0.32 0.000
COSO > CG 59.12 0.29 0.000
COSO > AR 24.72 0.39 0.000
COSO > CG > AR 21.72 0.33 0.000
COBIT & COSO > CG 30.96 0.55 0.000
COBIT & COSO > AR 28.72 0.41 0.000
COBIT & COSO > CG > AR 21.22 0.56 0.000

According to the table, there were ten hypotheses in the investigation. There were seven
direct hypotheses and six indirect ones. All direct hypotheses were accepted with a p-
value of 0.000; therefore, they are all significant at one hundred percent. Similarly, there
were three indirect mediation hypotheses, as the researcher examined the impact of
mediation on corporate governance as a mediator. The statistical analysis revealed that
these three hypotheses were also accepted with a p-value of 0.000; therefore, they are
also statistically significant at the 100% level. Therefore, there is a mediation of CG in
all models. As shown in Table 3, the value of F is greater than its tabular value for all
models. The results demonstrate that the independent variables affect the dependent
variables. The value of R2 can corroborate the magnitude of each model's effect. The
values vary according to the intensity of the interactions between the independent and
dependent variables. The P-value indicates that it was statistically significant across all
models.

7. CONCLUSION
This study aimed to evaluate the effects of integrating the COSO and COBIT
frameworks on CG and AR. The results pertain to the primary model test, and
relationships between the variables have been demonstrated. When the independent
variables were measured separately in the segmented model, the results indicated a
stronger relationship between the independent and dependent variables in the primary
model. These findings are especially intriguing because they suggest that Iraqi banks
have not effectively utilized CG mechanisms to support the implementation of control
frameworks, resulting in a lack of integration between them. Therefore, bank
management and board directors must aspire for ITG and internal control department
collaboration.
53
 INTERNATIONAL JOURNAL OF ECONOMICS AND FINANCE STUDIES
Vol: 15 No: 02 Year: 2023 ISSN: 1309-8055 (Online) (pp. 40-58) Doi: 10.34109/ijefs. 202315203

REFERENCES
Abdulhussein, A. S., Al-Refiay, H. A. N., & Wahhab, A. M. A. (2023). The Impact of
Internal Auditing on Corruption: Evidence from The Emerging Market. Journal
of Governance and Regulation/Volume, 12(1), 367-375. doi:
https://doi.org/10.22495/jgrv12i1siart15
Abdurrahman, A. (2021). Implementation of Internal Control Based on Coso
Framework and Good Corporate Governance on Company Performance: Case
Study at PT. Indonesian Sharia Reinsurance. Jurnal Ilmiah Mahasiswa
Akuntansi, 10(1), 1-10. doi: https://doi.org/10.33508/jima.v10i1.2779
Abdulakareem, N. A., & Mohammed, S. A. (2020). Extent of Iraqis oil companies
commitment to implement internal control procedures in accordance to updated
COSO framework (an applied study in Midland Oil Company). journal of
Economics And Administrative Sciences, 26(124).
https://www.iasj.net/iasj/article/195867
Aksoy, T., & Aksoy, L. (2020). Increasing importance of internal control in the light of
global developments, national and international standards and regulations.
Sayıştay Dergisi, 33(118), 9-40. Retrieved from
https://dergipark.org.tr/en/pub/sayistay/issue/61574/919303
Al-Gamrh, B., Ku Ismail, K. N. I., & Al-Dhamari, R. (2018). The role of corporate
governance strength in crisis and non-crisis times. Applied Economics, 50(58),
6263-6284. doi: https://doi.org/10.1080/00036846.2018.1489513
Al-Swidi, A. K., Gelaidan, H. M., & Saleh, R. M. (2021). The joint impact of green
human resource management, leadership and organizational culture on
employees’ green behaviour and organisational environmental performance.
Journal of Cleaner Production, 316, 128112. doi:
https://doi.org/10.1016/j.jclepro.2021.128112
Al-taee, S. H. H., & Flayyih, H. H. (2022). THE IMPACT OF THE AUDIT
COMMITTEE AND AUDIT TEAM CHARACTERISTICS ON THE AUDIT
QUALITY: MEDIATING IMPACT OF EFFECTIVE AUDIT PROCESS.
INTERNATIONAL JOURNAL OF ECONOMICS AND FINANCE STUDIES,
13(3), 249–263. https://doi.org/10.34109/ijefs
Al-Taee, S. H. H., & Flayyih, H. H. (2023). Impact of the electronic internal auditing
based on IT governance to reduce auditing risk. Corporate Governance and
Organizational Behavior Review, 7(1), 94-100. doi:
https://doi.org/10.22495/cgobrv7i1p9
Almaqtari, F. A., Farhan, N. H., Yahya, A. T., Al-Dalaien, B. O. A., & Shamim, M.
(2023). The mediating effect of IT governance between corporate governance
mechanisms, business continuity, and transparency & disclosure: An empirical
study of Covid-19 Pandemic in Jordan. Information Security Journal: A Global
Perspective, 32(1), 39-57. doi: https://doi.org/10.1080/19393555.2022.2053001

54
 INTERNATIONAL JOURNAL OF ECONOMICS AND FINANCE STUDIES
Vol: 15 No: 02 Year: 2023 ISSN: 1309-8055 (Online) (pp. 40-58) Doi: 10.34109/ijefs. 202315203

Amali, L. N., Katili, M. R., Suhada, S., & Hadjaratie, L. (2020). The measurement of
maturity level of information technology service based on COBIT 5 framework.
Telkomnika (Telecommunication Computing Electronics and Control), 18(1),
133-139. doi: http://doi.org/10.12928/telkomnika.v18i1.10582
Balfe, C., Button, P., Penn, M., & Schwegman, D. J. (2023). Infrequent Identity Signals,
Multiple Correspondence, and Detection Risks in Audit Correspondence
Studies. Field Methods, 35(1), 3-17. doi:
https://doi.org/10.1177/1525822X211057623
Bentley-Goode, K. A., Newton, N. J., & Thompson, A. M. (2017). Business strategy,
internal control over financial reporting, and audit reporting quality. Auditing: A
Journal of Practice & Theory, 36(4), 49-69. doi: https://doi.org/10.2308/ajpt-
51693
Bozoklar, E., & Yilmaz, E. (2020). Research Areas and Suggestions for Sustainable
Manufacturing Systems. Paper presented at the Industrial Engineering in the
Digital Disruption Era: Selected papers from the Global Joint Conference on
Industrial Engineering and Its Application Areas, GJCIE 2019, September 2-3,
2019, Gazimagusa, North Cyprus, Turkey: Springer, 63-72. doi:
https://doi.org/10.1007/978-3-030-42416-9_7
Braim, S. J., & Mohammed, R. B. (2023). The (COSO) Framework: Implications of
Internal Control Components on the Performance Manufacturing Companies.
Qalaai Zanist Journal, 8(1), 1203-1227. doi:
https://doi.org/10.25212/lfu.qzj.8.1.48
Cereola, S. J., & Cereola, R. J. (2011). Breach of data at TJX: An instructional case used
to study COSO and COBIT, with a focus on computer controls, data security,
and privacy legislation. Issues in Accounting Education, 26(3), 521-545. doi:
https://doi.org/10.2308/iace-50031
D'Aquila, J. (2013). COSO's internal control integrated framework updating the original
concepts for today's environment. The CPA Journal, 83(10), 22. Retrieved from
https://www.proquest.com/openview/324c319a40ddaac143d50bcb7780e24d/1?
pq-origsite=gscholar&cbl=41798
Dat, P. M., Mau, N. D., Loan, B. T. T., & Huy, D. T. N. (2020). Comparative China
Corporate Governance Standards after Financial Crisis, Corporate Scandals and
Manipulation. Journal of Security & Sustainability Issues, 9(3), 932-942. doi:
https://doi.org/10.9770/jssi.2020.9.3(18)
Debreceny, R. S. (2013). Research on IT governance, risk, and value: Challenges and
opportunities. Journal of Information Systems, 27(1), 129-135. doi:
https://doi.org/10.2308/isys-10339
Dina, Q. A., Aristi, M. D., & Rodiah, S. (2020). The Role of Good Corporate
Governance in Moderating the Influence of Profitability, Leverage, and
Corporate Social Responsibility (CSR) on Company Value. Jurnal Akuntansi
Dan Ekonomika, 10(1), 139-148. doi: https://doi.org/10.37859/jae.v10i1.1992

55
 INTERNATIONAL JOURNAL OF ECONOMICS AND FINANCE STUDIES
Vol: 15 No: 02 Year: 2023 ISSN: 1309-8055 (Online) (pp. 40-58) Doi: 10.34109/ijefs. 202315203

Ettish, A. A., El-Gazzar, S. M., & Jacob, R. A. (2017). Integrating internal control
frameworks for effective corporate information technology governance.
JISTEM-Journal of Information Systems and Technology Management, 14, 361-
370. doi: https://doi.org/10.4301/S1807-17752017000300004
Felo, A. J., & Solieri, S. A. (2023). The Influence of Tone at the Top, Tune in the Middle,
and Self-concept Maintenance on Financial Reporting Decisions. In Research on
Professional Responsibility and Ethics in Accounting (Vol. 25, pp. 25-50):
Emerald Publishing Limited, 25-50. doi: https://doi.org/10.1108/S1574-
076520230000025002.
Ha, T. T. H. (2019). Modern corporate governance standards and role of auditing-cases
in some Western european countries after financial crisis, corporate scandals and
manipulation. International Journal of Entrepreneurship, 23(1S). Retrieved
from http://digital.lib.ueh.edu.vn/handle/UEH/61754
Ho, J. L., Wu, A., & Xu, S. X. (2011). Corporate governance and returns on information
technology investment: Evidence from an emerging market. Strategic
Management Journal, 32(6), 595-623. doi: https://doi.org/10.1002/smj.886
Holm, C., & Laursen, P. B. (2007). Risk and control developments in corporate
governance: changing the role of the external auditor? Corporate Governance:
An International Review, 15(2), 322-333. doi: https://doi.org/10.1111/j.1467-
8683.2007.00563.x
Hopkin, P. (2018). Fundamentals of risk management: understanding, evaluating and
implementing effective risk management: Kogan Page Publishers. Retrieved
from
https://books.google.ae/books?hl=en&lr=&id=bzFiDwAAQBAJ&oi=fnd&pg=
PP1&dq=Hopkin
Hubbard, L. D. (2003). Understanding internal controls: auditors who can accurately
interpret COSO's internal control framework offer great value to management.
Internal Auditor, 60(5), 23-25. Retrieved from
https://go.gale.com/ps/i.do?id=GALE%7CA110222002&sid
Janvrin, D. J., Payne, E. A., Byrnes, P., Schneider, G. P., & Curtis, M. B. (2012). The
updated COSO Internal Control—Integrated Framework: Recommendations and
opportunities for future research. Journal of Information Systems, 26(2), 189-
213. doi: https://doi.org/10.2308/isys-50255
Lamboglia, R., & Mancini, D. (2021). The relationship between auditors’ human capital
attributes and the assessment of the control environment. Journal of
Management and Governance, 25, 1211-1239. doi:
https://doi.org/10.1007/s10997-020-09536-8
Manita, R., Elommal, N., Baudier, P., & Hikkerova, L. (2020). The digital
transformation of external audit and its impact on corporate governance.
Technological Forecasting and Social Change, 150, 119751. doi:
https://doi.org/10.1016/j.techfore.2019.119751

56
 INTERNATIONAL JOURNAL OF ECONOMICS AND FINANCE STUDIES
Vol: 15 No: 02 Year: 2023 ISSN: 1309-8055 (Online) (pp. 40-58) Doi: 10.34109/ijefs. 202315203

Martin, K., Sanders, E., & Scalan, G. (2014). The potential impact of COSO internal
control integrated framework revision on internal audit structured SOX work
programs. Research in Accounting Regulation, 26(1), 110-117. doi:
https://doi.org/10.1016/j.racreg.2014.02.012
Mohammed, M. A., Al-Abedi, T. K., Flayyih, H. H., & Mohaisen, H. A. (2021). Internal
Control Frameworks and Its Relation with Governance and Risk Management:
An Analytical Study. Estudios de Economía Aplicada, 39(11), 18. Retrieved
from https://www.researchgate.net/profile/Hakeem-
Flayyih/publication/356223856
Muawanah, U. (2020). Information technology adoption, corporate governance, and
bank performance. Journal of Information Systems Engineering and Business
Intelligence, 4(1), 11-17. doi: http://dx.doi.org/10.20473/jisebi.4.1.11-17
Nikolovski, P., Zdravkoski, I., Menkinoski, G., Dicevska, S., & Karadjova, V. (2016).
The concept of audit risk. International Journal of Sciences: Basic and Applied
Research (IJSBAR), 27(1), 22-31. Retrieved from
https://eprints.uklo.edu.mk/id/eprint/3074
Oakman, J., Kinsman, N., Stuckey, R., Graham, M., & Weale, V. (2020). A rapid review
of mental and physical health effects of working at home: how do we optimise
health? BMC Public Health, 20, 1-13. doi: https://doi.org/10.1186/s12889-020-
09875-z
Premuroso, R. F., & Bhattacharya, S. (2007). Is there a relationship between firm
performance, corporate governance, and a firm's decision to form a technology
committee? Corporate Governance: An International Review, 15(6), 1260-1276.
doi: https://doi.org/10.1111/j.1467-8683.2007.00645.x
Rae, K., Sands, J., & Subramaniam, N. (2017). Associations among the five components
within COSO internal control-integrated framework as the underpinning of
quality corporate governance. Australasian Accounting, Business and Finance
Journal, 11(1), 28-54. doi: http://dx.doi.org/10.14453/aabfj.v11i1.4
Rashid, A., & Ghazi, M. S. (2021). Factors affecting Sharīʿah audit quality in Islamic
banking institutions of Pakistan: a theoretical framework. Islamic Economic
Studies, 28(2), 124-140. doi: https://doi.org/10.1108/IES-07-2020-0025
Roussy, M., Barbe, O., & Raimbault, S. (2020). Internal audit: from effectiveness to
organizational significance. Managerial Auditing Journal, 35(2), 322-342. doi:
https://doi.org/10.1108/MAJ-01-2019-2162
Rubino, M., & Vitolla, F. (2014a). Corporate governance and the information system:
how a framework for IT governance supports ERM. Corporate Governance,
14(3), 320-338. doi: https://doi.org/10.1108/CG-06-2013-0067
Rubino, M., & Vitolla, F. (2014b). IT governance, Risk Management and Internal
Control System: the role of the COBIT framework. Paper presented at the
International OFEL Conference on Governance, Management and
Entrepreneurship: Centar za istrazivanje i razvoj upravljanja doo, 174. Retrieved
from
57
 INTERNATIONAL JOURNAL OF ECONOMICS AND FINANCE STUDIES
Vol: 15 No: 02 Year: 2023 ISSN: 1309-8055 (Online) (pp. 40-58) Doi: 10.34109/ijefs. 202315203

https://www.proquest.com/openview/e02480660f9e119e57bfe0eb1e96c9b0/1?
pq-origsite=gscholar&cbl=2035019
Rubino, M., Vitolla, F., & Garzoni, A. (2017). The impact of an IT governance
framework on the internal control environment. Records Management Journal,
27(1), 19-41. doi: https://doi.org/10.1108/RMJ-03-2016-0007
Savage, A., Norman, C. S., & Lancaster, K. A. (2008). Using a movie to study the COSO
internal control framework: An instructional case. Journal of Information
Systems, 22(1), 63-76. doi: https://doi.org/10.2308/jis.2008.22.1.63
Simmons, M. R. (1997). COSO based auditing. Internal Auditor, 54(6), 68-73. Retrieved
from
https://go.gale.com/ps/i.do?id=GALE%7CA20332303&sid=googleScholar&v=
2.1&it=r&linkaccess=abs&issn
Steuperaert, D. (2019). COBIT 2019: A Significant Update. EDPACS, 59(1), 14-18. doi:
https://doi.org/10.1080/07366981.2019.1578474
Talab, H. R., & Flayyih, H. H. (2023). An Empirical Study to Measure the Impact of
Information Technology Governance Under the Control Objectives for
Information and Related Technologies on Financial Performance. International
Journal of Professional Business Review: Int. J. Prof. Bus. Rev., 8(4), 25.
Retrieved from https://dialnet.unirioja.es/servlet/articulo?codigo=8956086
Taylor, M. H. (2000). The effects of industry specialization on auditors' inherent risk
assessments and confidence judgements. Contemporary Accounting Research,
17(4), 693-712. doi: https://doi.org/10.1506/3LDH-AV52-0F4W-H4BB
Thabit, T., Solaimanzadah, A., & Al-abood, M. T. (2017). The effectiveness of COSO
framework to evaluate internal control system: the case of kurdistan companies.
Cihan International Journal of Social Science, 1(1), 44. Retrieved from
https://ssrn.com/abstract=3168888
Wagire, A. A., Joshi, R., Rathore, A. P. S., & Jain, R. (2021). Development of maturity
model for assessing the implementation of Industry 4.0: learning from theory and
practice. Production Planning & Control, 32(8), 603-622. doi:
https://doi.org/10.1080/09537287.2020.1744763
Yeoh, P. (2019). Corporate governance codes in the UK: The risk of over-reliance.
Business Law Review, 40(1), 19-27. Retrieved from
https://heinonline.org/HOL/LandingPage?handle=hein.kluwer/blr0040&div=7
&id=&page=

58