Information Systems Audit and Control

There is no solution that applies to every problem, and what may be the best approach in one circumstance may be precisely the worst in another. -- Weinberg 1982 (Rethinking systems analysis and design) --

[HOME]

Information Systems Security

Next Gen Internet

Information Systems Audit and Control

Definitions

Control - is defined as the policies, procedures, practices and organizational structures designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented or detected and corrected.

IT Control Objective - is defined as a statement of the desired result or purpose to be achieved by implementing control procedures in a particular IT activity.

IT Governance - is defined as a structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise's goals by adding value while balancing risk versus return over IT and its processes.

    Reference:
  1. CobIT 3rd Edition, Executive Summary July 2000, ISACA.