IT Audit Bytes - IT Control Frameworks 0.5 CPE

An internal control framework is a structured guide that organizes and categorizes expected controls or control topics. Some organizations design control frameworks for general purposes, like the COSO internal control framework, while others are more specific, such as the COBIT IT Control framework. Frameworks help the organization design control procedures that create and preserve value while minimizing risk. This session describes the major IT frameworks and their use cases.

This course is a part of IT Audit Bytes series. The other Segments of this series are:

1. IT Audit Bytes - Access Control
2. IT Audit Bytes - Backup and Recovery
3. IT Audit Bytes - Change Management
4. IT Audit Bytes - Cybersecurity
5. IT Audit Bytes - Data Loss Prevention
6. IT Audit Bytes - Disaster Recovery and BCP
7. IT Audit Bytes - IT Control Frameworks
8. IT Audit Bytes - Job Monitoring
9. IT Audit Bytes - Logging and SEIM
10. IT Audit Bytes - Network Security and Detection
11. IT Audit Bytes - Password Management
12. IT Audit Bytes - Physical Security
13. IT Audit Bytes - Provisioning and Deprovisioning
14. IT Audit Bytes - SDLC Controls
15. IT Audit Bytes - Security Awareness Training
16. IT Audit Bytes - Separation of Duties Controls
17. IT Audit Bytes - SOC Reports
18. IT Audit Bytes - Strategy and Governance
19. IT Audit Bytes - Third-Party IT Risk Management (TPRM)

Prerequisites

Learning Objective

• Identify and contrast the major IT control frameworks.
• Describe the use cases for the major IT control framework.
• Identify and list the steps for auditing with an IT control framework.

Last updated/reviewed: March 16, 2025