Organizations subject to Sarbanes-Oxley Act of 2002 are encouraged to adopt COBIT and/or the Committee of Sponsoring Organizations of the Treadway Commission (COSO) "Internal Control - Integrated Framework. In choosing which framework to implement control and joined the Sarbanes-Oxley, the U.S. Commission U.S. Securities and Exchange suggests that organizations use the COSO framework.

COSO Internal Control - Integrated Framework states that internal control is a process - established by the Board of Directors, management and other personnel - designed to ensure the achievement of stated objectives. COBIT IT looks to the control through the information - not just financial information - but necessary to support the business requirements and the associated IT resources and processes. The control objectives of COSO focus on effectiveness, the efficiency, reliability of financial reports and sull'aderenza laws and regulations. These two frameworks are aimed at different roles, in particular COSO is useful for a more complete business management, while COBIT is focused on IT management, in fact it is more IT-oriented controls. Despite these differences, we should not expect that there is a unique relation between (5) five control components of COSO and (4) four domains of COBIT.