Information Technology Control Frameworks Overview

Instructor: Martin Gibbs

Martin has 16 years of experience in Human Resources Information Systems and has a PhD in Information Technology Management. He is an adjunct professor of computer science and computer programming.

Controls are vital in information technology. They help ensure data integrity and compliance, and they are useful when auditing. This lesson will provide an overview of controls and control frameworks.

Information Technology Control Frameworks

As a potential auditor, it's important to understand IT controls. Organizations may or may not have proper controls in place to prevent unauthorized access.

In Information Technology, we use controls as a check on processes. These can be physical (security cameras, badges, etc.) or logical (part of the software). The following example shows how a logical control works to support a business requirement and control the separation of duties.

Sue is a programmer and has developed a program for release. Sue cannot push the updated program to production; Don must migrate the code to production. But Don cannot edit the source code of the program. While this system may seem restrictive, it really keeps things in check.

As part of the logical control, the system would function so that Sue doesn't even see the button to migrate to production; likewise, Don's screen would not have the edit source code button. This control is defined both in the physical structure of the organization and in the computer logic of the system.

Other logical controls would include some of the following: tools for checking totals and record counts of data; exception report generation; edits on input fields to ensure proper data entry; database access restrictions; and logging of access.
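
The Sue and Don separation-of-duties control, together with the access logging mentioned above, can be sketched as follows. This is an added example, not part of the original lesson; the role names, action names and change ID are assumptions. It goes one step beyond hiding buttons: the permission is re-checked when the action is requested, and every decision is logged.

```python
from dataclasses import dataclass, field

# Constructed role map for the lesson's scenario; role and action names are assumptions.
ROLE_PERMISSIONS = {
    "programmer": {"edit_source"},
    "migrator": {"migrate_to_production"},
}

@dataclass
class User:
    name: str
    role: str

@dataclass
class Change:
    change_id: str
    author: str  # name of the programmer who wrote the change

@dataclass
class ReleaseSystem:
    audit_log: list = field(default_factory=list)

    def visible_buttons(self, user: User) -> list:
        """Presentation layer: list only the actions the user's role permits."""
        return sorted(ROLE_PERMISSIONS.get(user.role, set()))

    def perform(self, user: User, action: str, change: Change) -> bool:
        """Enforcement layer: re-check on every request, then log the decision."""
        allowed = action in ROLE_PERMISSIONS.get(user.role, set())
        # Separation of duties: the author of a change may not migrate it,
        # even if a later role change would otherwise grant the permission.
        if action == "migrate_to_production" and user.name == change.author:
            allowed = False
        self.audit_log.append(
            (user.name, action, change.change_id, "ALLOW" if allowed else "DENY")
        )
        return allowed

def run_scenario() -> ReleaseSystem:
    """Replay the lesson's Sue/Don scenario with constructed data."""
    system = ReleaseSystem()
    sue, don = User("Sue", "programmer"), User("Don", "migrator")
    change = Change("CHG-0001", author="Sue")  # constructed change ID
    system.perform(sue, "edit_source", change)            # allowed
    system.perform(sue, "migrate_to_production", change)  # denied: wrong role
    system.perform(don, "edit_source", change)            # denied: wrong role
    system.perform(don, "migrate_to_production", change)  # allowed
    return system
```

The audit log returned by run_scenario() is the kind of evidence an auditor would sample to confirm that the control operates on every request, including the denied ones.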

Take a look at the following snippet from a process flow. The yellow boxes indicate a control number. These would be in place every time the process lands on the given step.

[Figure: Controls in process flow]

A control framework is a grouping of these controls: it's an overview of what should happen but not the detail of the implementation. Our example of separation of duties is only a part of the larger set of controls that would be present in the organization's IT infrastructure.

There are two key standards that organizations follow: COBIT and eSAC. Keep in mind that these are guidelines for your framework; you are still responsible for implementing the controls within the framework! They don't tell you what to do, but how to do it.


The COBIT framework is used for governance of enterprise IT implementations. The acronym COBIT stands for Control Objectives for Information and Related Technology, and the most recent iteration is COBIT 5.

COBIT focuses on aligning the organizational strategy with the IT strategy, with a focus on regulatory compliance and risk management. Technology has permeated all aspects of our lives and our organizations. Because of that, the COBIT 5 framework takes a full-organization view and works to align business and IT strategy. Regardless of the organization, part of that strategy is reducing risk and complying with applicable laws and regulations.

COBIT Principles

There are five core principles that COBIT focuses on in order to reduce risk and align business and IT:

  • Meet stakeholder needs
  • Cover entire organization
  • Separate management and governance
  • Use a holistic approach to IT/business
  • An integrated framework
