Recently, I went through the book on "Internal Auditing" ("ISO Internal Audit: A Plain English Guide") which I had bought from your Advisera site.
And then I also went through the free training on your site (ISO 27001 Internal Auditor Course).
After that I felt very comfortable and confident on the "Internal Audit" subject.
I just loved both (book and online training) because they are written beautifully and are easy to understand, along with practical examples.
Full credit goes to you and your team.
I also passed the CISA exam (around 3 years back).
And I am trying consultancy in these areas (ISO 27001 implementation, auditing, data privacy (e.g. EU GDPR), BCM, etc.).
I have a few queries. I need some help and would appreciate it if these are addressed for my benefit.
1) First of all, are this book and training together comprehensive and enough to get prepared as a professional to provide consultancy in these areas? Do you feel some more study is required apart from this (to fill any possible knowledge gap)? If yes, please suggest those study areas/materials/books, etc.
2) In terms of work/activities, what is the difference between an Internal Auditor and an External Auditor (what does an External Auditor do that an Internal Auditor does not, and vice versa)?
3) In ISO 27001, there are many documents, and if any internal/external auditor has to go through all the documents thoroughly (as a pre-audit step), then it may take considerable time. Any tips for this?
4) How do I estimate the effort (time) required to complete any audit?
5) Should internal/external auditors check the firewall configuration settings to ensure that the firewall is properly configured (in the context of ISO 27001)?
6) What could the questions related to legal requirements be?
7) How do I cross-check (ensure) whether management has really reviewed the Infosec policy document?
8) How should we test the password policy (gather evidence that it is implemented and working as per the policy)?