Say you completed an audit and submitted the audit report to top management for review. Now that management has read the report, they disagree with some of the findings. What is the best or common practice to address such feedback in relation to the report that has already been finalized?
Expert
Rhand Leal
Jul 29, 2021
The common practice is to gather robust evidence to support the findings (i.e., concrete evidence of the observed facts and that defined requirements and/or plans are not being fulfilled) and keep constant communication with top management during the audit process (e.g., meet with them at the end of each audit day). Keeping information flowing is the best way to prevent top management from being surprised by the results of an audit.
For further information, see:
- 7 ways to improve the internal audits of your ISO 27001 ISMS https://advisera.com/27001academy/blog/2017/08/28/7-ways-to-improve-the-internal-audits-of-your-iso-27001-isms/