Producing clear audit reports is a crucial part of managing information systems. It’s also a mandatory requirement of many IT best practices and standards, such as ITIL®, PRINCE2®, COBIT®5, ISO 27001, and the Payment Card Industry Data Security Standard (PCI DSS).
Anyone who wants help with these reports should read Information Systems Auditing: Tools and Techniques, a free guide published by ISACA®. It provides advice on how to:
- Create well-written audit reports that communicate the objectives of the audit
- Explain what was performed
- Focus on conclusions and actions that the auditee needs to take
The value of well-written reports
Many of us have seen reports that didn’t explain the audit methodology, presented the results in an illogical order, or failed to provide adequate recommendations for remediation. Depending on the scope of the audit, the quality of the report can influence senior managers’ decision-making process. Compliance, performance, continual process improvement, staff, and costs can all be affected.
Our fully accredited, practitioner-led ISO27001 Certified ISMS Lead Auditor Online Masterclass covers the key steps involved in planning and completing an external audit of an ISO 27001-compliant information security management system (ISMS). It can help you:
- Understand best-practice audit methodology
- Learn how to use audits to monitor conformance to the Standard, guarantee consistent implementation, and assess the effectiveness of continual improvement
- Gain experience of the practical application of ISO 27001 audit processes through discussion and role-play
If you need help conducting your audits, you should take a look at our ISO 27001 Internal Audit Service.
This service takes the guesswork out of audits, as we provide a qualified auditor to do the job for you. The internal audit can be challenging without the experience of seasoned professionals, but our auditors will:
- Conduct a document review
- Review whether the corrective actions raised during any previous audits have been closed
- Observe the implementation of the management system requirements
- Interview the relevant staff
- Produce an internal audit report, ready for management review