The objectives of the audit are to assess whether: i. Cybersecurity and IT governance frameworks (including cloud governance, AI governance, data governance, and other relevant digital governance components) are adequately designed and effectively implemented. ii. Key risks relating to cybersecurity and digital governance are adequately identified, assessed, and managed. iii. Cybersecurity and digital governance controls are operating effectively. iv. Monitoring and reporting processes for cybersecurity and digital governance are adequate. v. ITU has adequate visibility, accountability, and resilience action plans against cyber threats. The audit shall not be limited to a technical or compliance-only review but shall include a risk-based assessment focused on control effectiveness and residual risk.