60 lines
1.7 KiB
Markdown
60 lines
1.7 KiB
Markdown
Title: Internal Audit Plan Template
|
|
Document ID: [REG-AUDIT-PLAN-001]
|
|
Version: 0.1 Draft
|
|
Status: Draft
|
|
Owner: CISO (Paul Jenkins)
|
|
Approver: CISO (Paul Jenkins)
|
|
Classification: Internal
|
|
Effective date: [DD Month YYYY]
|
|
Review date: [DD Month YYYY]
|
|
|
|
# Internal Audit Plan Template
|
|
|
|
## Purpose
|
|
|
|
This template provides the structure for planning internal ISMS audits across the audit cycle.
|
|
|
|
## Scope
|
|
|
|
This plan applies to internal audit activities covering governance, controls, processes, evidence, and improvement actions within the ISMS scope.
|
|
|
|
## Data Fields / Expected Columns
|
|
|
|
The audit plan should record at least:
|
|
|
|
- audit reference
|
|
- audit topic or scope
|
|
- audit criteria
|
|
- planned period
|
|
- assigned auditor
|
|
- auditee or owner
|
|
- status
|
|
- report due date
|
|
- follow-up required
|
|
- notes
|
|
|
|
## Ownership
|
|
|
|
This plan should be owned by [Role]. Audit leads should maintain planned dates, status, and follow-up information.
|
|
|
|
## Update Frequency
|
|
|
|
The plan should be updated when audits are scheduled, rescheduled, completed, or when follow-up activity changes status.
|
|
|
|
## Retention
|
|
|
|
Audit planning records should be retained with related audit outputs in line with retention and audit traceability requirements.
|
|
|
|
## Template Table
|
|
|
|
| Audit Reference | Audit Topic / Scope | Audit Criteria | Planned Period | Assigned Auditor | Auditee / Owner | Status | Report Due Date | Follow-up Required | Notes |
|
|
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
|
|
| [AUD-001] | [Topic / area] | [Policy / standard / clause] | [Month / Quarter] | [Name / Role] | [Role / Team] | [Planned / In Progress / Complete] | [DD Month YYYY] | [Yes / No] | [Notes] |
|
|
|
|
## Related Documents
|
|
|
|
- Internal Audit Procedure
|
|
- Corrective Action Procedure
|
|
- Management Review Procedure
|
|
- ISMS Manual
|