Study Document 12

Audit templates and checklists.

Practical ISO 27001 Lead Auditor working templates for audit planning, opening meetings, evidence collection, nonconformity reporting, closing meetings, and corrective action review.

Purpose

Templates help learners think like auditors.

These templates are not scripts. They are structured prompts to help learners identify audit criteria, collect objective evidence, keep traceable notes, report findings, and close actions professionally.

6: core templates covering planning through corrective action closure.
FVRR: evidence should be fact-based, verifiable, reliable, and relevant.
NCR: requirement, evidence, problem, and location.

Template 1

Audit plan checklist.

Use this to confirm that the audit plan is complete before the audit begins.

Audit objectives defined.
Audit scope confirmed and aligned to ISMS or certification scope.
Audit criteria identified, including ISO 27001 clauses, internal requirements, legal obligations, contracts, SoA, and risk treatment plan.
Audit date, duration, locations, and remote arrangements confirmed.
Audit team competence, independence, and roles confirmed.
Processes, functions, systems, and services selected.
Sampling approach defined and risk-based.
Previous audit findings, incidents, changes, and complaints reviewed.
Opening and closing meetings scheduled.
Communication, confidentiality, security, and evidence handling arrangements confirmed.

Template 2

Opening meeting checklist.

The opening meeting confirms the audit arrangements and prevents avoidable confusion during evidence collection.

Agenda item: what to confirm

Introductions: audit team, auditee representatives, guides, observers, technical experts, and roles.
Audit basics: objectives, scope, criteria, audit plan, timings, locations, methods, and sampling.
Communication: daily updates, escalation points, availability of people, access to systems, and remote audit method.
Rules: confidentiality, safety, security, photography, screenshots, data handling, and visitor requirements.
Close: reporting approach, grading, closing meeting details, and opportunity for questions.

Template 3

Evidence collection sheet.

Good audit notes should be traceable enough to support a finding later. Record exact evidence, source, date, sample, and criteria.

Column: what to record

Audit area: clause or process.
Criteria: ISO clause, policy, procedure, contract, SoA, risk plan.
Question: open question or test objective.
Evidence reviewed: record, interview, observation, configuration, log, report.
Result: conformity, NC, follow-up, or more sampling needed.

Template 4

Nonconformity report template.

This template helps ensure the NCR is complete, objective, and suitable for corrective action follow-up.

NCR fields

  • Audit criteria or requirement.
  • Objective evidence.
  • Statement of nonconformity.
  • Location, process, system, or service.
  • Classification: major, minor, or other category used by the audit programme.
  • Correction required.
  • Corrective action required.
  • Due date and auditee response.

Auditor review fields

  • Correction evidence reviewed.
  • Root cause assessed for logic and completeness.
  • Corrective action mapped to root cause.
  • Implementation evidence verified.
  • Effectiveness review completed.
  • Similar issues considered.
  • Closure decision: closed or further evidence required.

Template 5

Closing meeting checklist.

The closing meeting should be calm, evidence-based, and clear about next steps. It is not the place for unsupported claims or personal blame.

Thank the auditee and confirm attendance.
Restate audit objectives, scope, and criteria.
Explain sampling limitations and evidence basis.
Present positive findings, observations, nonconformities, and audit conclusions.
Explain grading, corrective action process, timelines, report delivery, and follow-up requirements.
Explain complaint or appeal route, where applicable.
Confirm next steps and invite questions.

Template 6

Corrective action review checklist.

Closure should be based on evidence. Do not close a finding only because an action plan exists.

Was the detected nonconformity corrected?
Was the root cause identified and supported by evidence?
Does the corrective action address the root cause, not only the symptom?
Was the corrective action implemented within the agreed timeline?
Was implementation evidence provided and verified?
Was effectiveness reviewed after enough time had passed?
Were similar issues or related processes considered?
Can the finding be closed, or is further evidence required?

Audit-note quality

Write notes that can survive challenge.

  • Record exact evidence source, date, sample, and owner where relevant.
  • Separate interview statements from verified records.
  • Record both conformity and nonconformity evidence.
  • Use criteria references when a potential finding appears.
  • Avoid personal opinions and unsupported adjectives.

Exam technique

Templates reveal the missing element.

  • If the scenario lacks criteria, the finding is incomplete.
  • If the scenario lacks verifiable evidence, more evidence is needed.
  • If the action only fixes the current record, it may be correction only.
  • If the plan has no sampling logic, the audit plan is weak.
  • If closure lacks effectiveness review, closure may be premature.

Quick memory aid

Plan template controls the audit. Evidence sheet supports findings. NCR template structures the issue. Closing checklist communicates conclusions. Corrective action checklist protects closure quality.

Use note

This is a KISCyber learner guide.

This page is an original training summary using user-provided ISO 19011 audit guidance and ISO 27001 Lead Auditor study materials as references. Always tailor audit templates to the audit programme, audit criteria, certification body rules, and current provider guidance.