Need Process Owner's presence during audit?
1. Do we need the process owner's presence to front the auditor(s)?
Answer: ISO 27001 does not prescribe the presence of process owners during the audit (in fact, ISO 27001 does not require defining process owners at all), but for some questions the auditor may have, the process owner may be the person who can provide the proper answer to him.
During the audit opening meeting, you can ask the auditors who needs to be present during the audit.
2. Why is the presence of the process owners important during the audit?
Answer: Please note that some decisions regarding a process, like objectives definition or changes, may only be answered, or best answered, by the process owner.
Alternatively, the person that is most used to the process (sometimes known as the key user) may provide these answers.
3. Who should be in the audit session with auditors, and why?
Answer: In general, the people accompanying the auditor are the person responsible for the audited area (so he can better understand the audited process and verify management commitment to information security) and the person responsible for information security (this person usually acts as a guide and interpreter between the auditor and the auditees).
The auditor may require some person from information security to be present, so he can ask questions to verify the employees' understanding of information security and their roles in the process (i.e., which information security activities they perform and how).
For further information, see:
- Which questions will the ISO 27001 certification auditor ask? https://advisera.com/27001academy/blog/2015/07/20/which-questions-will-the-iso-27001-certification-auditor-ask/
- Infographic: The brain of an ISO auditor: What to expect at a certification audit https://advisera.com/blog/2015/06/22/infographic-the-brain-of-an-iso-auditor-what-to-expect-at-a-certification-audit/
Apr 23, 2022