LIVE VIRTUAL TRAININGS
Learn in small groups from top experts and real-life examples

Expert Advice Community

Guest

Audit activities

  Quote
Guest
Guest user Created:   Apr 16, 2018 Last commented:   Apr 16, 2018

Audit activities

I have a question, and it’s kinda crazy. We recently had our internal audit. The auditor said to us, since they the internal audit, could not audit management clause 9.2, but we the client had to audit the auditor. Of all my years, and all my audits, I have never heard of this.
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Apr 16, 2018
We have an internal audit procedure, which defines the auditor requirements, I.e. qualified, scope, criteria, plan, etc.
They said we need to audit them and document an audit report of the auditors, and we can even give them minor/major NCs.
Am I crazy?

Answer: ISO 27001 clause 9.2 (Internal audit) requires that an organization selects auditors and conducts audits that ensure objectivity and the impartiality of the audit process, and in the situation you mention it means the auditors cannot audit their own work. When you have more than one auditor, they can audit each others work. In cases were you only have one auditor, the organization must consider hiring an external auditor to audit specifically the clause 9.2.

This article will provide you further explanation about internal audit:
- Dilemmas with ISO 27001 & BS 25999-2 internal auditors https://advisera.com/27001academy/blog/2010/03/22/dilemmas-with-iso-27001-bs-25999-2-internal-auditors/

These materials will also help you regarding internal audit:
- ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
- ISO 27001:2013 INTERNAL AUDITOR COURSE https://training.advisera.com/se/iso-14001-internal-auditor-course/o-27001-internal-auditor-course/
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Apr 16, 2018

Apr 16, 2018