Which statement best describes the primary focus difference between COSO and COBIT?

Internal controls versus IT governance explains the difference. COSO is a framework aimed at establishing and assessing internal controls across the organization, with a clear emphasis on reliable financial reporting and compliance. It covers aspects like the control environment, risk assessment, control activities, information and communication, and monitoring to ensure corporate processes support accurate financial statements and regulatory requirements. COBIT, by contrast, is built to govern and manage enterprise IT, helping the business align IT processes with overall goals and deliver value from technology through governance structures and measurement. So the statement that COSO targets corporate internal and financial controls captures its primary focus. The other options misplace COSO or overstate the role of IT governance across both frameworks, since COSO isn’t primarily about IT governance and COBIT specifically targets IT governance rather than broad, all-encompassing areas.