This resource is no longer available
IT audit is about the formal verification and validation of the quality and effectiveness of IT
controls to support the overall business control objectives. From a security control
perspective the residual IT security risks are relatively well understood in a network
perimeter protected environment. This perimeter-based protection model has led to an IT
audit practice that has matured into given sets of frameworks, methodologies, approaches,
and models with certain sets of assumptions. CobiT (Control Objectives for Information and
Related Technology) represents such maturity in IT control frameworks and is commonly
referenced among IT auditors.