Audit activities
We have an internal audit procedure, which defines the auditor requirements, i.e. qualified, scope, criteria, plan, etc.
They said we need to audit them and document an audit report of the auditors, and we can even give them minor/major NCs.
Am I crazy?
Answer: ISO 27001 clause 9.2 (Internal audit) requires that an organization selects auditors and conducts audits that ensure objectivity and the impartiality of the audit process, and in the situation you mention it means the auditors cannot audit their own work. When you have more than one auditor, they can audit each other's work. In cases where you only have one auditor, the organization must consider hiring an external auditor to audit specifically the clause 9.2.
This article will provide you with further explanation about internal audit:
- Dilemmas with ISO 27001 & BS 25999-2 internal auditors https://advisera.com/27001academy/blog/2010/03/22/dilemmas-with-iso-27001-bs-25999-2-internal-auditors/
These materials will also help you regarding internal audit:
- ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
- ISO 27001:2013 INTERNAL AUDITOR COURSE https://advisera.com/training/iso-27001-internal-auditor-course/
Apr 16, 2018