2. Contents
What is IS Audit Plan?
Audit objective, scope and criteria
Audit schedule
Auditors and Auditees
References
kentico software development companies
3. What is IS Audit Plan?
Strategy for the audit
Prepared by auditor in consultation with team leader in organization
Approach in creating Audit Plan:
Top-down
Bottom-up
4. Template of Audit Plan
Audit objective
Audit scope
Audit criteria
Audit method
Audit team
Audit client
Auditee’s list
Audit schedule
5. Audit Objective
Defines what is to be accomplished by the individual audit
Examples:
To assess a company for its degree of conformance to ISMS standard
To determine in which areas the greatest problems lie in organization
To follow up on non-conformities reported at a previous audit
To assess the implementation and effectiveness of ISO 27001:2013 clauses and controls
6. Audit Scope
Relates to extent and boundaries of an audit
Includes a description of the physical locations, organizational units, activities and processes, as well as the time period covered
It should be consistent with the audit program and audit objectives
Scope of management system could be the same as the scope of second/third party audit except for the omission of time period
7. Audit Criteria
Audit criteria are used as a reference against which conformity or non-conformity is determined
Example:
ISO 27001:2013 clauses and controls
ISO 31000 for Risk management and assessment
ISO 26000 for Social Responsibility
ISO 22000 for food safety management
8. Audit Method
Four types of audit methods:
Human interaction and on-site
Human interaction and remote
Non-human interaction and on-site
Non-human interaction and remote
Audit plan mentions which type of audit method has to be implemented by auditor during audit process
9. Audit Team
Auditor:
One who audits the organization to achieve an audit objective against the audit criteria
Auditee:
One who is going to be audited
For example, whole organization or individual department like Finance, HR, etc.
Technical expert:
Communicator between auditor and auditee in case of language barrier
Works under the direction of auditor
10. Audit Schedule
Relates to scheduling of an audit
Content of audit schedule:
Date
Business Process
Location
Auditee
Start-time
End-time
Auditor
Audit area
12. iFour Consultancy Services
Visit these websites for more details:
http://www.ifour-consultancy.com
http://www.ifourtechnolab.com
THANK YOU!!!
Editor's Notes
eCommerce solution provider India – http://www.ifour-consultancy.com