12. Internal Control: Internal control, as defined in accounting and auditing, is a process for assuring achievement of an
organization's objectives in operational effectiveness and efficiency, reliable financial reporting, and compliance with
laws, regulations and policies. A broad concept, internal control involves everything that controls risks to an
organization.[1]
20. Audit Phases
Audit Phase: Description
Audit subject: Identify the area to be audited.
Audit objective: Identify the purpose of the audit.
Audit scope: Identify the specific systems, function or unit of the organization to be included in the review.
Preaudit planning:
• Identify technical skills and resources needed.
• Identify the sources of information for test or review such as functional flow charts, policies, standards, procedures and prior audit workpapers.
• Identify locations or facilities to be audited.
Data Gathering:
• Audit approach to verify and test the controls
• Audit tools and methodology to test and verify control
Audit Report:
• Identify follow-up review procedures
• Review and evaluate the soundness of documents, policies and procedures
23. COBIT 5: Governance and Management
Governance ensures that enterprise objectives are achieved by evaluating stakeholder needs, conditions and
options; setting direction through prioritisation and decision making; and monitoring performance, compliance and
progress against agreed-on direction and objectives (EDM).
Management plans, builds, runs and monitors activities in alignment with the direction set by the governance
body to achieve the enterprise objectives (PBRM).