
Expert Advice Community


Question on clause 9

Guest user Created:   Jan 12, 2016 Last commented:   Jan 12, 2016


While implementing ISO 27001:2013 for a leading bank, I am stuck at clause 9.
Guest post Jan 12, 2016

As far as I understand, we have to select a few areas (of our choice and appropriate to the bank's business) like BCP, Incident Management, Document review, etc. Then we need to assign some statistical parameters to evaluate the efficiency (in terms of success/failure %). Finally, periodically analyze the results to get a trend or the efficiency of implementation.

However, I wanted an expert's advice on all points of "Clause 9.1 Monitoring, measurement, analysis and evaluation" so that nothing is missed during the external audit. If you can explain it to me in detail and help me with any working paper, I would be grateful to you.

Answer: If you are certified, all the ISMS processes should be monitored and measured (and continually improved), along with the most important controls (the ones that counter the highest risks) or the ones that are 'required' by your national (bank) regulatory entity. The ones you propose are possible candidates, if they meet these conditions. If not, you're wasting your time and money.
Until now, ISO hasn't provided much usable input for this. It is expected that this will rapidly change. The objective of the (future) ISO 27004 will be to help organisations to a) monitor and measure information security, b) monitor and measure the effectiveness of the management system and its processes, and c) analyse and evaluate the results. The current draft could become a CD in October and be published by the end of 2015 or the beginning of 2016.

You should find more input in this seminar: ISO 27001 and ISO 27004: How to measure the effectiveness of information security?
https://advisera.com/27001academy/webinar/iso-27001-iso-27004-measure-effectiveness-information-security-free-webinar/
