Internal Audit Plan - Planned, Risk-Based ISMS Assurance
Required under ISO 27001:2022 Clause 9.2 - reviewed by auditors at every certification and surveillance audit.
The Internal Audit Plan is a mandatory documented requirement under ISO 27001:2022: Clause 9.2.2 requires the organisation to plan, establish, implement and maintain an internal audit programme, and to retain documented information as evidence of that programme and of the audit results. The plan defines how internal audits are planned, scheduled, scoped, and resourced to verify that the ISMS conforms to the organisation’s own requirements and to the requirements of ISO 27001, and that it is effectively implemented and maintained.
Auditors review the Internal Audit Plan during Stage 1 and Stage 2 audits to confirm that internal audits are risk-based, conducted at planned intervals, and performed by independent, competent auditors. Missing, generic, or informal audit plans frequently result in nonconformities, corrective actions, or delayed certification.
This template provides a structured, defensible, auditor-ready Internal Audit Plan, aligned with ISO 27001:2022 Clause 9.2 - enabling organisations to demonstrate effective ISMS oversight with confidence.
Why Does This Document Matter?
- Confirms internal audits are planned and controlled.
- Defines audit scope, schedule, and coverage.
- Applies a risk-based audit approach.
- Establishes auditor independence and roles.
- Provides clear evidence for certification audits.
What's Included in This Template?
- ISO 27001:2022 Clause 9.2–aligned audit plan structure.
- Defined audit scope, criteria, and frequency.
- Risk-based audit programme and prioritisation.
- Roles, responsibilities, and auditor independence.
- Audit methods, sampling, and reporting approach.
- Planning inputs for management review and improvement.
Common Audit Issues This Helps You Avoid
- No formal or documented internal audit plan.
- Audits not covering the full ISMS scope.
- Lack of risk-based audit scheduling.
- Auditors lacking independence or defined competence.
- Inconsistent audit frequency or missed audits.
- Clause 9.2 nonconformities at Stage 1 or Stage 2 audits.
Who Should Use This Template?
- Organisations establishing an ISO 27001–compliant internal audit programme.
- Companies preparing for certification or surveillance audits.
- ISMS teams formalising or improving internal audit planning.
- Consultants managing multiple ISO 27001 audit programmes.
- Organisations aligning audits to ISO 27001:2022 Clause 9.2.
Format & Customisation
- Editable Microsoft Word format (.docx)
- Fully customisable text, headings, and branding
- No specialised software required
- Compatible with Word, Google Docs, and LibreOffice
Compliance Note
The Internal Audit Plan is one component of a complete ISO 27001 ISMS. Certification also requires documented audit procedures, audit records, corrective actions, and management review inputs. All audit-related documentation must work together to demonstrate effective ISMS monitoring and continual improvement during audits.
How Does It Work?
1. Download the Word template instantly after checkout.
2. Replace company-specific details where applicable.
3. Customise the wording of the template if required.
4. Approve and use it as your ISMS internal audit plan.
Upgrade to the complete ISO 27001 documentation toolkit and eliminate audit evidence gaps.
- 80+ ISO 27001 templates.
- Risk assessment & treatment templates.
- Statement of Applicability (SoA).
- Internal audit toolkit.
- ISMS implementation plan.
- Audit-ready documentation structure.