Revised Draft INTOSAI GUID 5101 – Guidance on Audit of Information security


Project aim

The purpose of this project is to supplement GUID 5100 (Audit of Information systems) by providing additional guidance on Audit of Information security, in consistence with the Fundamental Principles of Public Sector Auditing (ISSAI 100) as well as with the Compliance Audit Principles (ISSAI 400).

The project aims to provide specific and additional guidance for the compliance audit of information security (including cyber security), covering audit of information security, being taken up either as a distinct compliance audit or as part of a larger compliance audit engagement to see whether the IT management meets the necessary standards and requirements for IT security.

The project would support auditors in understanding how to apply the relevant ISSAIs for the subject matter of security of information systems during the planning, conducting, reporting and follow-up stages of the audit process.

IFPP Category

INTOSAI Guidance


  • Project Proposal
  • Preparing Exposure Draft
  • Open for comments
  • Analysing Comments
  • Preparing Endorsement Version
  • Endorsement Version

Project proposal

Project proposal Download

Exposure Draft

Document Comments Received Action
Exposure draft 0 Leave a comment
Exposure Draft INTOSAI GUID 5101 – Guidance on Audit of Information security Download
Explanatory Memorandum on Exposure Draft GUID 5101 Download

Endorsement Version



Follow for updates