The CISA® Prep Guide: Mastering the Certified Information Systems Auditor Exam by John Kramer

1.6. CobiT

Understanding the concept of control objectives is a necessary part of your audit planning and fieldwork efforts. Introduced in 1996, Control Objectives for Information and Technology (CobiT) is the single most revolutionary concept introduced by ISACA in recent years. Now in its third version, CobiT has implications that you will need to fully understand, and it is a tool you will need to become familiar with using, in order to be successful as an IS auditor. Parts of CobiT are now considered to be an open standard for widespread use and adoption as an audit tool. CobiT is a catalog of control objectives that is divided into four domain areas. There are 34 high-level control objectives, which are broken down into 318 specific control objectives defined to support this framework. A high-level view of the CobiT framework is depicted in Figure 1.2.

Figure 1.2. CobiT framework.

The control objectives are laid out in 34 naturally grouped sets of processes for which key and detailed level control objectives have been defined. A control objective can be defined as a goal that ensures that some set of risks does not occur. Control objectives can almost be thought of as the inverse of a risk. If a risk is the potential that something bad can happen, then a control objective ensures that the risk does not materialize. Looking at control objectives this way quickly enables you to get a catalog of ...
