Guidance in audit of security of information systems

Summary

Working title: Guidelines on Information Systems’ Security Audit, including Cyber Security (Earlier ISSAI 5310)

The project aims to create a relevant GUID for use by field audit practitioners, with the objective of carrying out the following processes:

  1. Aligning the guidance with ISSAI 100 and the revised GUID 5300
  2. Identifying the universe of information systems assets in use by the audited entity
  3. Identifying potential threats, and countermeasures for mitigating and avoiding risk exposure to assets
  4. Evaluating the internal controls already adopted by the audited entity
  5. Risk analysis, quantified in terms of risk exposure determined by the combination of the criticality of the information asset(s) and the business impact of failure
  6. Issuing recommendations based on the computed risk exposure

IFPP Category

INTOSAI Guidance

Evolution

  • Project Proposal
  • Preparing Exposure Draft
  • Open for comments
  • Analysing Comments
  • Preparing Endorsement Version
  • Endorsement Version

Project proposal

Document
Project proposal Download

Exposure Draft

Document | Comments Received | Action
Exposure draft | 0 | Comments are closed

Endorsement Version

Document
