ISMS controls refer to Finance

Broadly speaking, you can consider these controls:

• A.6.1.2 Segregation of duties
• A.8.2.1 Classification of information
• A.8.2.3 Handling of assets
• A.13.2.1 Information transfer policies and procedures
• A.13.2.2 Agreements on information transfer

But please note that ISO 27001 Annex A approach to grouping controls is not related to specific processes or business units, but to security objectives to be achieved.

Considering that, without the results of risk assessment and the identification of applicable legal requirements (e.g., laws, regulations, and contracts), it is not possible to define controls specific for finance.

These articles will provide you a further explanation about the identification of requirements and risk assessment:

• How to identify ISMS requirements of interested parties in ISO 27001 https://advisera.com/27001academy/blog/2017/02/06/how-to-identify-isms-requirements-of-interested-parties-in-iso-27001/
• ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/

These materials will also help you regarding the identification of requirements and risk assessment:

• Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
• ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

Many thanks Rhand for your quick response - very helpful