In this episode of the Secure and Simple Podcast, host Dejan Kosutic, CEO at Advisera, welcomes Carlos Cruz, founder of Metanoia Consulting and a seasoned expert in ISO standards. Carlos and Dejan share best practices for performing internal audits across various ISO standards, including ISO 27001, and other cybersecurity frameworks such as NIS2 and DORA. Key topics discussed include the importance of internal audits, how to prepare effective audit checklists, and the role of AI in the future of auditing. The episode also explores the differences between internal audit programs and plans, the significance of audit objectives, and offers practical advice for consultants looking to expand their services into internal auditing. Carlos provides a deep dive into ensuring compliance and effectiveness while offering practical tips on maintaining independence and delivering valuable audit reports.
Links from the episode:
- Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software
- White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits
- Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertise to potential clients: https://advisera.co/Consultant-Courses
- Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client’s workforce: https://advisera.co/page-Company-Training-Account
- Beginner's Course for ISO, Cybersecurity, and AI Consultants: https://www.youtube.com/playlist?list=PLHwD3nQun7caKFq80LxNNYKIabATlyA7t
- How to Grow Your Cybersecurity, ISO, or AI Consultancy: Advanced Course:https://advisera.co/GrowYourConsultancyTraining
- (00:00) - Interview with Carlos Cruz on internal audits
- (01:38) - Importance and Best Practices for Internal Audits
- (04:55) - Audit Objectives and Their Importance
- (09:38) - Creating an Internal Audit Program
- (13:31) - Audit Plans and Internal Audit Checklists
- (27:06) - Conducting the Main Audit
- (30:10) - The Importance of Evidence in Auditing
- (36:43) - Preparing the Audit Report
- (42:13) - Consultants and Internal Audits
- (49:29) - Remote Auditing: Challenges and Opportunities
- (57:17) - AI in Internal Auditing
- (01:04:34) - Resources for Consultants
