What role should the person doing Internal Audit have?
Does the person doing the Internal Audit need to have an IT Security Job Title or Role?
An Internal Auditor does not need to have an IT Security Job Title or Role.
ISO 27001 does not prescribe job titles or roles for persons performing internal audits. It only requires that internal auditors have the proper knowledge, skills, and experience and that, when selecting internal auditors, you ensure the objectivity and the impartiality of the audit process, which means that internal auditors are not directly involved in the process being audited (an auditor should not audit his own work).
These articles will provide you with a further explanation about the selection of internal auditors:
- How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/
- Qualifications for an ISO 27001 Internal Auditor https://advisera.com/27001academy/blog/2015/03/30/qualifications-for-an-iso-27001-internal-auditor/
- Dilemmas with ISO 27001 & BS 25999-2 internal auditors https://advisera.com/27001academy/blog/2010/03/22/dilemmas-with-iso-27001-bs-25999-2-internal-auditors/
These materials will also help you regarding the Selection of internal auditors:
- ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
May 03, 2021