Roles and competencies
Answer: ISO 27001 does not prescribe who must be responsible for internal audit, so considering the size of the organization, the CEO can be the owner of the internal audit process.
2. Can an intern perform the internal audit? In that case, who will become the owner of the internal audit?
Answer: The main criteria to perform an internal audit are competence, which can be evidenced by means of knowledge (e.g., certificates), education (e.g., training) or experience (e.g., records of previously performed audits), and impartiality (an auditor cannot audit his own work). If you can demonstrate that the intern has the necessary competence, and he does not audit his own work, he can perform the internal audit. Regarding the ownership of the internal audit process, in this case, considering the person is an intern, you should consider a full-time employee to be the owner (including the CEO as stated in the first answer).
These articles will provide you with further explanation about roles and responsibilities and internal audit:
- Roles and responsibilities of top management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/06/09/roles-and-responsibilities-of-top-management-in-iso-27001-and-iso-22301/
- How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/
Apr 19, 2019