Further Reading and Resources – Fundamentals of Information Risk Management Auditing: An introduction for managers and auditors
Chapter 1

See ISO standards on risk management (www.iso.org/iso/home/standards/iso31000.htm)

COSO Understanding and communicating risk appetite (www.coso.org/documents/ERM-Understanding%20%20Communicating%20Risk%20Appetite-WEB_FINAL_r9.pdf)

Chapter 2

See the COSO website (www.coso.org/-erm.htm)

Chapter 3

See www.iia.org.uk/about-us/what-is-internal-audit/

Chapter 5

Both ISACA and the IIA provide books and other resources on cyber security, such as What the Board of Directors Needs to Ask.

Chapter 6

Summary of world data protection legislation – see http://dlapiperdataprotection.com/#handbook/world-map-section

UK Cyber Essentials scheme summary – www.gov.uk/government/publications/cyber-essentials-scheme-overview

Chapter 7

See also APM, A Guide to Integrated Assurance.

Chapter 8

Many resources are available from the Business Continuity Institute – see www.thebci.org.

Chapter 10

Good Practice Guidance: Delivering Audit Assignments: A Risk-based Approach, November 2005 (available online)

The American Institute of CPAs (AICPA), AU-C Section 300, Planning an Audit (source: SAS No. 122; SAS No. 128)

Chapter 11

ISACA website: www.isaca.org

(ISC)2 website: www.isc2.org

ITGP also offers resources and training: see www.itgovernance.co.uk