This guide helps internal auditors plan and execute ISO 27001 internal audits, generate tailored audit questions, and complete audit reports efficiently using ISMS Copilot.
Who this is for
Internal auditors responsible for preparing audit plans, conducting audits, and producing reports for their organization's ISMS compliance program.
What you'll accomplish
You'll set up a dedicated workspace for internal audit preparation, generate company-specific audit questions aligned to ISO 27001 clauses, and get AI assistance with audit report writing and findings documentation.
Prerequisites
An ISMS Copilot account with login access
Understanding of your organization's ISMS scope and controls
Access to existing ISMS documentation (policies, procedures, risk assessments)
Step 1: Create a dedicated internal audit workspace
Start by creating a workspace specifically for your internal audit preparation to keep audit materials isolated from other compliance work.
Log in to ISMS Copilot
Create a new workspace named "Internal Audit Prep [Year]" or similar
Select the Auditor persona to tailor responses for audit planning and execution
Use a separate workspace for each audit cycle (e.g., "Internal Audit 2024", "Internal Audit 2025") to maintain historical records and track audit evolution over time.
Step 2: Upload ISMS documentation for context
Upload your organization's ISMS documents to enable ISMS Copilot to generate audit questions tailored to your actual policies and controls.
In your Internal Audit workspace, upload relevant files such as:
Information security policy
Risk assessment and treatment plan
Statement of Applicability (SoA)
Key procedures (access control, incident management, etc.)
Wait for the upload confirmation before proceeding
ISMS Copilot supports PDF and DOC formats. Premium accounts have unlimited upload capacity for comprehensive document analysis.
Step 3: Generate the internal audit plan
Use ISMS Copilot to create a structured audit plan aligned with ISO 27001 requirements and your organization's ISMS scope.
Example prompts to try:
"Generate an internal audit plan for ISO 27001:2022 covering Clauses 4-10"
"Create an audit schedule for our ISMS covering 12 departments over 3 months"
"What areas should I prioritize in this year's internal audit based on our risk assessment?"
Review the generated audit plan against your Statement of Applicability to ensure all applicable controls are covered in your audit scope.
Step 4: Generate tailored audit questions
Create specific, context-aware audit questions for each ISO 27001 clause or control area relevant to the departments you're auditing.
Example prompts for tailored questions:
"Generate audit questions for Clause 9.2 internal audit, tailored to our IT department"
"Create interview questions for access control (A.9) for our HR team"
"What should I ask the development team about secure coding practices under A.14?"
"Generate questions to verify compliance with our incident response procedure"
Ask for both evidence-based questions (requesting documentation) and scenario-based questions (testing understanding) to get comprehensive audit coverage. Note that the control references in the example prompts above (A.9, A.14) follow the ISO 27001:2013 Annex A numbering; if you are auditing against ISO 27001:2022, state the 2022 control identifiers in your prompt instead (for example, secure coding is A.8.28 and access control is A.5.15 in the 2022 edition) so the generated questions map to the controls in your Statement of Applicability.
Step 5: Get assistance with audit reports and findings
After conducting your audit, use ISMS Copilot to structure findings, draft non-conformity reports, and create executive summaries.
Example prompts for reporting:
"Draft a non-conformity finding for lack of access review documentation in the Finance department"
"Create an audit report outline covering the findings from our Clause 6 audit"
"Generate an executive summary of our internal audit results with 3 major findings and 5 observations"
"Suggest corrective actions for a finding related to incomplete backup testing"
Always verify AI-generated findings against your actual audit evidence. ISMS Copilot assists with structure and language, but you remain responsible for factual accuracy.
Best practices for internal audit preparation
Maintain audit independence: Keep your internal audit workspace separate from implementation or consultancy workspaces
Iterate on questions: Refine AI-generated questions based on previous audit findings and organizational changes
Document your process: Save chat history showing how audit questions were developed for audit trail purposes
Combine with templates: Use ISMS Copilot alongside your organization's audit templates and checklists
Review for bias: Ensure questions are objective and don't lead audited departments to specific answers
Related resources
ISO 27001 audit preparation prompts - Ready-to-use prompts for audit planning
How to prepare for ISO 27001 internal audits using AI - Comprehensive internal audit guide
ISMS Copilot for Compliance Auditors - Overview of auditor persona features
Next steps
Once you've completed your internal audit using ISMS Copilot, consider using the platform to track corrective actions and prepare for external certification or surveillance audits.