This is my first post to the forum, and definitely not my last.
I'd like to point out COBIT. We sometimes use it as a standard for our IT security assessments on banks and credit unions. It is internationally accepted and is very popular among fellow auditors. Here is a link with some more information.
COBITThey offer much of their information for free, so keep an eye out.