Auditing using COBIT IT Assurance Guide

In COBIT, there is this thing called "IT Assurance Guide".
As an IT auditor, you can also used it during the audit execution stage.

Some of the components of IT Assurance Guide and the idea behind it:-

• Value Drivers = what value can we add to the process
  
• Risk Drivers = what can go wrong in the process
  
• Test the Control Design = Identify controls in place
  
• Test the Outcome of the Control Objective = Compliance Testing, if the control is in place-test whether it is working or not
  
• Document the Impact of Control Weaknesses = Substantive Testing, if there is no control or control is not working, how serious is the impact (the substance).