To maintain consistency in internal auditing, organisations should implement an internal audit process which clearly sets out the steps to be followed during an audit. This could include:
- Requirements for competency - for example, having undertaken certain training or experience
- Opening and closing meetings - this could include an agenda of items to be discussed to ensure the auditor and auditees have the same understanding, and that any audit findings are discussed at the end of an audit
- Audit report template - this way audit findings and observations can be consistently reported on
related BLog
No items found.
"
It’s one thing having the required technical knowledge, it’s another thing for a consultant to apply that knowledge to the context of our organisation. To use a sporting analogy, we view cyber and information security as a marathon not a sprint. I am not a believer in doing everything all at once. Our approach has been risk based and incremental, remediating our biggest risks first before moving on. I believe this approach is far more sustainable and effective. And URM’s consultants fully understand this and are very pragmatic and tailored in their guidance and advice. They know we are not implementing ISO 27001 purely for the certificate, but more as a framework for continual improvement, and at a pace where new systems and processes can be fully understood and absorbed by our team and be business as usual.
The Owners and Distributors of Quality Brands
contact US
Let us help you
Let us help you in your compliance journey by completing the form and letting us know how we can best support you.