See ISO standards on risk management (www.iso.org/iso/home/standards/iso31000.htm)
COSO, Understanding and Communicating Risk Appetite (www.coso.org/documents/ERM-Understanding%20%20Communicating%20Risk%20Appetite-WEB_FINAL_r9.pdf)
See the COSO website (www.coso.org/-erm.htm)
Both ISACA and IIA provide books and other resources on cyber security: What the Board of Directors Needs to Ask
Summary of world data protection legislation – see http://dlapiperdataprotection.com/#handbook/world-map-section
UK Cyber Essentials summary – www.gov.uk/government/publications/cyber-essentials-scheme-overview
See also APM, A Guide to Integrated Assurance.
Many resources are available from the Business Continuity Institute – see www.thebci.org.
Good Practice Guidance Delivering Audit Assignments: A Risk-based Approach, November 2005 (available online)
The American Institute of CPAs (AICPA), AU-C Section 300, Planning an Audit. Source: SAS No. 122; SAS No. 128
ISACA website: www.isaca.org
(ISC)² website: www.isc2.org
ITGP also offers resources and training: see www.itgovernance.co.uk