Information security risk management and internal audit

1. I purchased your Risk Assessment Table and Risk Treatment Table. I have completed this phase of the planning for our ISO Certification.  Now, once I have filled out the excel Spreadsheets does that count as my "Risk Report" for purposes of satisfying the mandatory document for Certification audit?
My next step is the SOA correct?

First is important to note that a "Risk Report" is not a mandatory document for ISO 27001. The standard requires retention of some documents as evidence that risk assessment and treatment was performed, and for that purpose the Risk Assessment Table, the Risk Treatment Table, the Statement of Applicability (yes, this is the next step of the risk assessment and treatment process), and the Risk Treatment Plan, are enough.

This article will provide you further explanation about risk assessment and treatment:
- ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/

2. What course do you recommend so I can be prepared to do an internal audit and improvement for the ISMS for my company?

As a course for internal audit I suggest you to take a look at our ISO 27001:2013 Internal Auditor Course at this link: https://advisera.com/training/iso-27001-internal-auditor-course/

In this online course, you’ll learn all the requirements and best practices of ISO 27001, but also how to perform an internal audit in your company. The course is made for beginners. No prior knowledge in information security and ISO standards is needed.