Expert Advice Community


Legal requirements

Guest user Created:   Sep 02, 2017 Last commented:   Sep 02, 2017


Which standards apply to the Legal functions, as I am about to audit them? I know of Clause 4.1 on interested parties and A18.1

Expert
Rhand Leal Sep 02, 2017

I am assuming you are referring to clause 4.2 (determination of requirements of interested parties) instead of clause 4.1 (understanding the organization and its context). Considering that, besides this clause and section A.18.1 you mentioned, ISO 27001 also refers to legal issues in control A.8.2.1 (classification of information).

You should also consider clause 9.3 (management review), because it covers, among other things, interested parties' feedback, changes in organizational context and the performance of security controls, as well as controls that regulate agreements, like A.7.1.2 (Terms and conditions of employment), A.13.1.2 (Security of network services), A.13.2.2 (Agreements on information transfer), A.13.2.4 (Confidentiality or nondisclosure agreements), and A.15.1.2 (Addressing security within supplier agreements).

This article will provide you with further explanation about audit:
- How to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/

This material will also help you regarding audit:
- ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
