In addition to Andy's comments, with which I agree, some corrections which I hope might be appreciated:
The 7799 series has been withdrawn and replaced with the ISO 27000 series:
ISO 27001 - ISMS Requirements (audit criteria)
ISO 27002 - Implementation guidance - mostly the controls
ISO 27003 - IS Management System Implementation guidance
ISO 27004 - IS Measurements
ISO 27005 - IS Risk Management
ISO 27006 - Requirements for bodies providing ISMS audit and certification sercvices
Accredited Certification Bodies will not generally Certify "just a department, just one floor of an organization." The ISMS Scope must encompass a meaningful set of information assets and their associated processes, facilities, etc.
While ISO 27001 does indeed require assets and their owners to be identified, there is no requirement for an "asset custodian", nor is the term defined.
Business Impact Analysis (BIA) is a concept from BS 25999 Business Continuity Management. It should not be conflated with information security risk assessment and is designed for sustaining an organization's critical products and services - not necessarily its IT assets.
It is not a requirement of ISO 27001 to provide the SoA to clients or external trusted authorities, nor an expectation of CBs, because it's a security risk. The SoA is sometimes requested, and sometimes shared, but in sanitized form.
The audit guidance is not consistent with what CBs do or teach, in that it is over-simplified. For example, in addition to the controls, CB's and internal auditors look for consistent processes that satisfy the requirements of clauses 4 through 8, and audit the SoA against the risk assessment reports, the risk assessment method, and the ISMS scope and policy. Organizations that have not implemented these mandatory clauses are too common, and fail their initial certification audits.
Finally, in the ISMS world, a desktop audit is another term for the Stage 1 or documentation review. It's nothing to do with the desktop on a user's computer. (Checks for illegal content on user machines are normally done with automated tools that scan disks periodically.)
Hope this helps,
Pat