Inside INTOSAI

GUID 5101 on Information Systems Security Audit Seeks Comments on Exposure Draft by 3 June 2024

May 2, 2024

SAI India has been leading the project team for the development of GUID 5101 on Information Systems Security Audit, based on an approved Project Proposal. The Exposure Draft of GUID 5101 and the Explanatory Memorandum on the GUID is now available on issai.org to seek feedback on the drafts from INTOSAI community. Please provide comments no later than 3 June 2024.

The documents and portal to comment can be accessed on issai.org by following the link below:

The purpose of this project is to supplement GUID 5100 (Audit of Information systems) by providing additional guidance on Audit of Information security, consistent with the Fundamental Principles of Public Sector Auditing (ISSAI 100) as well as with the Compliance Audit Principles (ISSAI 400).

The project aims to provide specific and additional guidance for the compliance audit of information security (including cyber security), covering audit of information security, being taken up either as a distinct compliance audit or as part of a larger compliance audit engagement to see whether the IT management meets the necessary standards and requirements for IT security.

The project would support auditors in understanding how to apply the relevant ISSAIs for the subject matter of security of information systems during the planning, conducting, reporting and follow-up stages of the audit process.

To learn more about commenting on exposure drafts, visit this link, and watch the video below: