Feature - Control Maturity and Risk

@blair.charleville

I think of it as risk based, so rather than setting targets on controls, you have a risk threshold that you work to meet until the risk is reduced to an acceptable level. This means you would continue to improve your controls over time, increasing maturity to reduce the risk. The target is the risk appetite.

I understand your thought relating to eramba mapping policy, procedure etc. In my mind that is more about the maturity of the management system. I am really focused on the control maturity (Annex A in ISO 27001). You could have a very basic procedure mapped to your control, like checking user access via a manual ad-hoc process; you then mature that process to be automated, and following that you introduce metrics etc. As you can see, the procedure is present in all cases, it's just the level of detail/maturity which improves.