What types of evidence is normally obtained for each of the controls

I assume you are asking me which techniques to use during the internal audit? Basically, you should develop an audit checklist, this article will help you with it: How to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/

Us ually 3 types of evidence are obtained: documentation/records, personal observation of an auditor, and interviews with the employees.

Regarding your question on how to audit controls which seem to be vague, you should actually study more carefully what the controls say. So for instance, the control you refer to (A.12.1.1) requires you to document the operating procedures and that they are available to all users who need them - so you have to check (1) if they are documented, and (2) if they are available to users - there is nothing vague about that.

Further question:

> What is vague to me is what ‘operating procedures’ are in the control A.12.1.1. I work at a very large company and we have many different operating segments and thousands of people that work in operations so that is why I was unsure on how much detail is needed.

The objective of section A.12.1 is "To ensure correct and secure operations of information processing facilities" - therefore, the operating procedures here refer to IT operations. In other words, for control A.12.1.1 you need to check only your IT procedures.

Regarding the question of detail - I would say that each of the controls that you select as applicable from the section A.12 should be covered with some document - they can all be covered in a single document, or each could have a separate document; the documents could be more or less detailed - all this doesn't matter as long as you have all these controls documented.

But if you are a larger organization, chances are that you already do have all of these documents.