Internal Audit Plan for a 3 year cycle

This plan describes how the Internal Audit will be split over 3 years, so that every 3 year cycle the entirety of FundApps' Information Security Management System has been audited.

Once a cycle of 3 years is completed, a new 3 year cycle will begin.

Year 1

This internal audit shall cover the following elements:

Clauses 4 to 10;
All Annex A controls in scope as per the statement of applicability.

The audit will be performed before the end of June of year 1.

Year 2

This internal audit shall cover the following elements:

Clauses 4 to 10;
Annex A controls in scope as per the statement of applicability from A.5.1. to A.6.8 included.

The audit will be performed before the end of June of year 2.

Year 3

This internal audit shall cover the following elements:

Clauses 4 to 10;
Annex A controls in scope as per the statement of applicability from A.7.1 to A.8.34 included.

The audit will be performed before the end of June of year 3.

PreviousInternal Audit Policy NextContinual Improvement Process

Last updated 1 year ago