CISA· ISACA
Certified Information Systems Auditor (ISACA)
ISACA’s CISA targets IS audit. 5 domains, ITAF and COBIT, 2,300+ questions with AuditBot explanations.
Term DefinitionControls
Control Objective
A statement of what a control aims to ensure.
A control objective describes in one sentence what the control must achieve: 'Ensure that [outcome]'. It serves as a reference for evaluating design and operating effectiveness. It is the central element of any GRC control inventory. COBIT 2019 structures all IT governance in hierarchical control objectives. A well-formulated control objective specifies: the risk it addresses, the relevant financial or operational assertion, and the expected execution frequency.
📌 Key points
- Standard formulation: 'Ensure that [expected outcome] in order to [risk addressed]'
- Linked to one or more financial assertions (existence, completeness, accuracy...)
- Serves as the criterion for both design testing and operating effectiveness testing
- COBIT 2019 organizes 40 IT governance and management objectives
- A poorly formulated control objective is the primary cause of ineffective audit tests
Related certifications
These certifications cover the concept of "Control Objective" in depth.
CIA· IIA
Certified Internal Auditor (IIA, 3 Parts)
The IIA CIA certification covers this concept in Part 1 (framework, IPPF) and Part 2 (audit practice). 60+ lessons and 1,258 original questions.
🔗 Related concepts
ControlsControlsFrameworksComplianceRisk
Control Deficiency
A flaw in the design or operation of an internal control.
IT General Controls (ITGC)
Foundational controls supporting the reliability of information systems.
COBIT
An IT governance and management framework published by ISACA.
SOX Compliance
Requirements of the Sarbanes-Oxley Act to prevent financial statement fraud.
Inherent Risk
The level of risk before any controls or mitigations are applied.
📖 Related articles
Master this concept and more
Start your GRC certification journey today.