Secure Your Business

The internal audit: powerful tool for improvement


Well-aimed audits increase profitability of ISMS:
CIS Course “IS Auditor” acc. to ISO 27001 imparts effective techniques


"The internal audit is one of the most powerful tools for further development of management systems within the company,” emphasizes Peter Soudat, CIS Auditor and Trainer. In the CIS Course “Information Security Auditor acc. to ISO 27001”, the participants are imparted systemic techniques enabling them to scrutinize the internal conditions according to different criteria. An audit Is the tool to discover weak points, identify duplication of work and find out opportunities for optimization. If we want to formulate it nonchalantly: in-house cost efficient consulting, which sustainably improves profitability of management systems.Ausbildung_ISAuditor_SoudatText_puzzleweiß

Auditing: as seen by another person

“Correct auditing creates measurable value for the company,” explains Peter Soudat.

soudat_NW_korrWhat is important in this respect is to ensure the internal audit has a special focus, which should be established by top management. The audit objective should be derived from the corporate goals, such as saving costs or increasing the sales volume or efficiency and broken down to information security. By putting circular questions, the auditor enables decision-makers to see internal situations from the perspective of another person. What would a process have to look like in order to be judged to be positive by others? This way of questioning also helps to better explain concerns of one’s own area to management.


Audit principles and checklists
In order to increase the degree of penetration of the ISMS in the company according to economic criteria and ensure the objectives and targets can be achieved, a systematic procedure is necessary. The CIS Course for IS Auditors will impart this procedure with the relevant audit techniques in a well-aimed manner: Audit principles, types of audit and preparing audits are included just as much as creating audit documents or checklists, conducting the on-site audit, the audit report as well as deriving corrective action. Case studies and exercises will illustrate the imparted knowledge in a practice oriented manner. The psychological bases imparted in the course are just as important as audit techniques. The psychological bases help to effectively communicate lessons learned about system improvement.

Support given by internal auditors will not only pay off at the system audits to be conducted every year. Even project audits can be used as “milestone reviews” in order to help to achieve project goals better and more rapidly.




<<< go back 


CIS - Macedonia Certification & Information Security Services, d.o.o. T + 389 2 3225-102 office.mk@cis-cert.com Imprint