VPM Created: Jan 24, 2022 Last commented: Jan 26, 2022

Leader Auditor 27001

My doubts go more for real situations in an audit, where to be able to see these cases. For example, if an auditor finds that in an audit the software that a company has is illegal, how should he proceed, or in what cases can an auditor abandon an audit. I have read complementary ISO 27001 but I do not find these real cases that can happen and how a lead auditor is supposed to act.

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Jan 26, 2022

Since the possibility for tricky situations is endless, the best way to find out how to handle them is to participate in lead auditor forums, or specific related groups in social networks, and place your questions (it is unfeasible to bring all situations in training).

As for your example, the best approach is to state that it was not possible to evidence the proper management of intellectual property rights of software *** (you should NEVER state that software is illegal, remember that your findings are based on the evidence you have or have not found).

Regarding abandoning an audit, this should be your last resort, only in cases in which the auditor perceives that proceeding with the audit will lead to risks of physically harming or risk of life. In such cases, he needs first to communicate with his manager, explain the situation and decide how to proceed. When there is no time for such communication, the auditor must contact his manager as soon as possible.

Quote

0 1

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jan 24, 2022

Jan 26, 2022

Expert Advice Community