Expert Advice Community

Guest

Internal audit questions

  Quote
Guest
Guest user Created:   Sep 13, 2019 Last commented:   Sep 13, 2019

Internal audit questions

Buenos días, haré mis primeras consultas como parte de la compra del paquete de implementación de la ISO 271001, y mis consultas son las siguientes:

En un informe de Auditoría Interna ISO 27001 es posible detallar las conformidades como Mayores y Menores o solo como No Conformidades? ya que si tomo la Directriz de la ISO 19001 no la sub divide como mayor y menor, simplemente como solo No Conformidad.

Si bien es cierto un Informe de Auditoría Interna, detalla los Hallazgos (No conformidades) y observaciones, que pasaría sí en la organización auditada es todo CONFORMIDAD?, Es posible que en el Informe de Auditoría Interna mencione cuantas CONFORMIDADES encontré?

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Sep 13, 2019

I will make my first consultations as part of the purchase of the ISO 271001 implementation package, and my consultations are as follows:

In an ISO 27001 Internal Audit report is it possible to detail the conformities as Major and Minor or only as Non-Conformities? Since if I take the ISO 19001 Guideline, it does not divide it as major and minor, simply as Nonconformity only

ISO 27001 does not prescribe that Non-Conformities must be graded, so you can treat all of them only as Non-Conformities. The use of minor and major Non-Conformities are more used for certification bodies as a best practice.

While an Internal Audit Report is true, it details the Findings (Non-Conformities) and observations, what would happen if the audited organization is all CONFORMITY? Is it possible that in the Internal Audit Report it mentions how many CONFORMITIES did I find?

It is very unusual for an internal audit to be concluded with no non conformities identified, but in such cases the best course of action for the internal auditor is to highlight the good points identified in the internal audit and the observations, which could be considered for opportunities of improvement. Reporting the number of conformities normally won't add value to organization.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Sep 13, 2019

Sep 13, 2019