Are the Control Objectives linked to the Audit Guidelines and to what degree?
Objectives have been developed from a process orientation because management is looking for pro-active advice on how to address the issue of keeping IT under control. Balancing cost and risk is the next issue to address (i.e., making a conscious choice of how and whether to implement each control objective). Future COBIT products will thoroughly address this choice, even though the pro-active principle remains – control objectives should be applied in the first place to achieve an information control criteria (effectiveness, efficiency, confidentiality, availability, integrity, compliance and reliability). The link is the process. The control objectives help management establish control over the process, the audit guidelines assist the auditor or assessor by providing assurance that the process is actually under control such that the information requirements necessary to achieve business objectives will be satisfied. In reference to the control framework represented by the waterfall mo
