Expert Advice Community

Home / ISO 27001 & 22301 / Performing internal audit as a service

Guest

Performing internal audit as a service

ISO 27001 & 22301
  Quote
Guest
Guest user Created:   Jun 21, 2016 Last commented:   Jun 21, 2016

Performing internal audit as a service

ISO 27001 & 22301
I have a question regarding the internal auditor. At a point in the course, you give an example saying that if the auditor never worked in the construction industry, he/she will not be considered competent enough to perform an internal audit. If to interpret your words, an independent third party auditor should be limited to a specific industry or two? If for example I never worked in a bank, than I most probably will not be qualified to perform an internal audit even if I know very well the standards, the processes and the law/regulations? I am taking this course because I am interested in working as a third party internal auditor, no thoughts on a specific industry (my company works with clients from many different fields). At the moment it is not very clear if the exam for the internal auditor requires an experience in a specific industry or not. Or maybe there are some things I misunderstood? I will appreciate if you can clarify it for me.
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.
Expert
Dejan Kosutic Jun 21, 2016

Answer:

The exam for our ISO 27001 Internal Auditor Course does not require an experience in a specific industry - the exam requires you to prove that you have learned the curriculum that was presented in the course.

I understand that your intention is to provide internal audit as a service to your clients, and the point is that you will be much more successful performing this internal audit in the industries where you have experience. On the other hand, for most industries there are no laws or regulations that would prevent you from performing an internal audit in those companies, so if you can convince those companies to use your services, you are free to use that opportunity. In some industries (like banking) there might be regulations which strictly regulate who can perform IT or information security audits.

By the way, you should not mention "third party" phrase in the context of an internal audit, because the phrase "third party audit" means the certification audit performed by certification bodies.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jun 21, 2016

Jun 21, 2016

Suggested Topics
Guest user Created:   Sep 07, 2023 ISO 27001 & 22301
Replies: 1
0 0

Certification for both 9001 and 27001
Guest user Created:   Jun 03, 2021 ISO 27001 & 22301
Replies: 1
1 0

Implementation questions
Guest user Created:   Mar 05, 2021 ISO 27001 & 22301
Replies: 1
1 1

Including SOC 2 controls in SoA