Chapter 4. Auditing Standards and Frameworks

Conducting audits and assessments is challenging in the absence of a standard against which to audit or assess. Two helpful concepts are control objectives and control activities. Control objectives remain mostly constant despite the rapid evolution of technology. They tend to be high level and describe the goal for the organization. Control activities provide details on how to achieve the goals of the relevant control objective. There is no such thing as a one-size-fits-all framework or standard. Frameworks and standards simply provide the building blocks and guidance that organizations need to tailor them to their specific needs. They are useful for guiding the control objectives ...
