Show me desktop version

Webinar – Internal audit: How to conduct it according to ISO 27001 and ISO 22301/BS 25999-2

Webinar on demand



In this webinar you’ll learn:

  • ISO 27001/BS 25999-2 requirements for internal audit
  • How can ISO 19011 help you
  • The purpose of internal audit
  • Differences between internal audit and external audit
  • How to structure the procedure for internal audit
  • Requirements to become internal auditor
  • Definition of nonconformity, when to raise major or minor nonconformity
  • How to develop the Audit Program, Audit Plan
  • How to perform documentation review
  • How to develop audit checklist, how to perform on-site audit, techniques for collecting evidence, how to write corrective action requests
  • How to write audit report and follow-up


Target Audience:

Professionals with little or moderate experience in internal audit according to ISO 27001/ISO 22301, including:

  • ISO 27001/ISO 22301 internal auditors
  • Chief Information Security Officers (CISOs)
  • Chief Information Officers (CIOs)
  • Business continuity managers/coordinators
  • Compliance managers
  • ISO 27001/information security consultants
  • ISO 22301/business continuity consultants
  • Members of top management responsible for information security/business continuity
  • All information security/business continuity practitioners

Presenter: Dejan Kosutic
Language: English
Format: Recorder webinar
Duration: 111m 29s (1h 51m 29s)


Dejan is clearly a subject matter expert on Risk Analysis and Risk Management. His trainings are well designed and superbly and professionally delivered using the GoToTraining platfrom.

Bob Chaput
CISSP, CHP, CHSS, CEO at Clearwater Compliance LLC



Presented by: Dejan Kosutic



Dejan Kosutic is the author of documentation toolkits at 27001Academy. He has extensive working experience both as tutor and as a consultant - he is an Approved Tutor for ISMS Lead Auditor courses at SGS, and delivers various ISO 27001 and ISO 22301/BS 25999-2 in-person courses throughout Europe as well as online courses via webinars. In his consulting career, he works with clients from the financial sector, government, and small and medium-sized business including IT companies.

He has an MBA from Henley Management College, and is the holder of the following certificates: Certified Management Consultant, ISO/IEC 27001 Lead Auditor, Associate Business Continuity Professional, and ISO 9001 Lead Auditor.



Why is risk treatment important?                                                                                                                  


Risk treatment is the second part of the risk management, right after the risk assessment process – the purpose of risk treatment is, once you know where the risks are, to define how to control those risks.

During risk treatment the controls from ISO 27001 Annex A are usually selected as a means to decrease risk – while doing it, it is very important to balance between decreasing the risks and the cost of controls, because you may end up investing too much in a certain control while you may have had a cheaper alternative.

Statement of Applicability is the key document listing all the controls from Annex A – not only does it define which controls will be used, but it also defines what should those controls achieve, why they were selected etc. This document serves as the starting point for the implementation process of the controls.



27001Academy live online trainings: The knowledge you can apply right away.


Related Frequently Asked Questions


In which language are the webinars delivered?

Live online trainings via webinars are currently delivered in English only. However, we plan to deliver some of the trainigs on Spanish and Croatian too.

Are these trainings held in person, at a specific venue?

No, all our live online trainings are delivered through Internet only, via webinars. Webinars enable you to experience both audio and video presentation from our presenter/trainer.

What do I need to watch the webinars on Demand (recording of live online streaming)?

You just need your computer with a browser - webinar recordings can be watched as any other video on the internet, e.g. on YouTube.

How many times can I watch the webinar recordings?

The number of views is not limited - you can watch the recordings as many times you wish.

Free live support
Request callback
Time to call:

Or call us directly

Toll-Free (U.S. and Canada):