Revised Draft INTOSAI GUID 5101 – Guidance on Audit of Information security

Summary

Project aim

The purpose of this project is to supplement GUID 5100 (Audit of Information systems) by providing additional guidance on Audit of Information security, in consistence with the Fundamental Principles of Public Sector Auditing (ISSAI 100) as well as with the Compliance Audit Principles (ISSAI 400).

The project aims to provide specific and additional guidance for the compliance audit of information security (including cyber security), covering audit of information security, being taken up either as a distinct compliance audit or as part of a larger compliance audit engagement to see whether the IT management meets the necessary standards and requirements for IT security.

The project would support auditors in understanding how to apply the relevant ISSAIs for the subject matter of security of information systems during the planning, conducting, reporting and follow-up stages of the audit process.

IFPP Category

INTOSAI Guidance

Evolution

  • Project Proposal
  • Preparing Exposure Draft
  • Open for comments
  • Analysing Comments
  • Preparing Endorsement Version
  • Endorsement Version

Project proposal

Document
Project proposal Download

Exposure Draft

Document Comments Received Action
Exposure draft 0 Leave a comment
Exposure Draft INTOSAI GUID 5101 – Guidance on Audit of Information security Download
Explanatory Memorandum on Exposure Draft GUID 5101 Download

Endorsement Version

Document

Actions

Follow for updates