Are the control objectives linked to the IT Assurance Guide and to what degree?
Objectives have been developed from a process orientation because management is looking for proactive advice on how to address the issue of keeping IT under control. Balancing cost and risk is the next issue to address (i.e., making a conscious choice of how and whether to implement each control objective). The link is the process. The control objectives help management establish control over the process. The IT Assurance Guide testing steps assist the auditor or assessor by providing assurance that the process is actually under control, such that the information requirements necessary to achieve business objectives will be satisfied. In reference to the control framework represented by the waterfall model, the testing steps can be seen as providing the feedback from the control processes back to the business objectives. The control objectives are the guide going down the waterfall to get the IT process under control. The IT Assurance Guide testing steps are the guide for going back up
