
Progress Report GUID on Information System Security Audit

This progress report outlines the development stages and objectives of the GUID on Information System Security Audit project. It highlights the alignment with ISSAI 100 and revised GUID on IT Audit, identification of information systems assets, evaluation of internal controls, and issuance of recommendations.

elmos

Presentation Transcript


  1. Progress Report GUID on Information System Security Audit
     A presentation by SAI India for 28th INTOSAI WGITA-Fiji

  2. Background
     • Project part of IFPP SDP 2017-19
     • “2.8 - Consolidating and aligning guidance on IT Audit with ISSAI 100”
     • Revise ISSAI 5310 (2016) as “Guidelines on Information Systems Security Audit”
     • Rename as GUID 5101 in IFPP
     • Include new section on Cyber Security
     • IFPP reserves 5100 - 5109 series for guidance on IT Audit
     • Approved Project Duration:
       • 10.10.2017 to 15.09.2019 (24 months)
       • Project in line with FIPP deadline for submission before XXIII INCOSAI
     • Members of Project Team
       • Lead: SAI India
       • Members: China, Ecuador, Iraq, Kiribati, Poland, USA, ISACA
     Development of GUID on Information System Security Audit

  3. Project Objectives
     • Align guidance with ISSAI 100 and revised GUID on IT Audit
     • Identify universe of information systems assets in use by audited entity
     • Identify potential threats and counter measures for mitigation and avoidance of risk exposure to assets
     • Evaluate internal controls already adopted by audited entity
     • Analyse Risk, quantified in terms of risk exposure
     • Issue recommendations, based on computed risk exposure
     • To be a bridge between WGITA IDI IT Audit Handbook and Standards

  4. GUID 5101: Project methodology – Drafting Process
     • Developed keeping in mind the FIPP’s requirements:
       • Not be voluminous
       • Not be too technical and focus more on audit issues of IT Security
       • Stand test of time and not require frequent update
     • Follows Due Process for Professional Pronouncements.
     • ISACA involved, as part of the Project Team and their inputs factored into the Exposure Draft
     • Inputs from CAS, PAS and FAS taken in developing the exposure document.
     • FIPP’s drafting convention for GUID followed.

  5. Project Stages and Status: GUID 5101
     • Stage-1: Project Initiation Document
       • Approved by WGITA in August 2017; by Chair, KSC in September 2017; and by FIPP in October 2017.
     • Stage-2: Exposure Draft
       • Completed in Sept, 2018; circulated to members for comments.
       • Approved by Chair, KSC, and FIPP in November 2018.
       • Uploaded on www.issai.org; deadline for comments 24 April 2019.
     • Stage-3: Endorsement Version
       • To FIPP for August 2019 meeting; based on the comments received.
     • Stage-4: Final GUID 5101
       • Will be submitted for approval of INCOSAI 2019

  6. Proposal before WGITA
     • Members requested to:
       • take note of the Progress Report
       • provide comments on the exposure draft before the due date of 24th April 2019
     • Draft GUID available on www.issai.org for comments.

  7. Thank You
