Internal audit
15274
page-template,page-template-full_width,page-template-full_width-php,page,page-id-15274,bridge-core-3.0.8,qi-blocks-1.3.4,qodef-gutenberg--no-touch,qode-page-transition-enabled,ajax_fade,page_not_loaded,,qode-theme-ver-29.5,qode-theme-bridge,wpb-js-composer js-comp-ver-7.9,vc_responsive,elementor-default,elementor-kit-16383
 

Internal audit

AUDITS NEEDN’T BE SCARY OR FILL YOU WITH DREAD.

Audits are a very useful tool to understand which processes are working and which are not in your business. In security, and particularly in ISO 27001 in which they are a requirement, they should be done frequently.

 

The word ‘audit’ can send operational teams into a panic and fill them with dread. So we call it ‘discovery’. Images of expressionless scrutineers, shaking their head in disapproval may come to mind. Concerns about reputations and even jobs being challenged over the results of findings can lead to anxiety.

 

In reality, and certainly with InfoShelter, nothing is further from the truth.

 

We see internal audits as a way to connect with our clients and understand which processes are working and which are not. All in the spirit of continual improvement. It’s also important to understand that it is never the person being audited, just the processes.

 

We place equal importance on putting the auditee at ease and creating a productive environment, and being extremely observant against the backdrop of whatever criteria we are auditing against.

Our approach

Discovery Interview

We would either work with an existing audit schedule or help define a new one. Sessions are conducted either side-by-side in person or over a web conference session. Interviewees are always made to feel at ease with the process and offered a review of report before a final version is produced.

Output

Full reports are delivered containing screenshot evidence (where necessary) along with recordings. This can be delivered offline or in a debrief session. We can also create internal audit assessment material and analysis for your ISO 27001 management review if needed.

Corrective Actions

Non-conformances, Opportunities for Improvement (OFIs), and Observations (risks) will be contained within our reports. Corrective actions in answer to these findings can be discussed in a debrief session and / or documented in reports.

We are all qualified ISO/IEC 27001 Lead Auditors, certified by leading accreditation bodies (IRCA and IBITQ).

 

We have a wealth of experience interviewing people in all positions, from directors to junior staff.

 

Using InfoShelter to conduct ISO 27001 internal audits provides several advantages, including objective assessments, specialised expertise, identifying hidden risks, and quicker audit processes.

Need help with some or all of your ISO/IEC 27001 internal audit program?