Day 2 focuses on audit principles and preparation, including evidence-based and risk-based auditing, audit initiation, and stage 1 audit activities.
Day 2 is dedicated to the principles and preparation activities that determine audit quality and efficiency. It bridges the understanding of ISO 37301 requirements from Day 1 with the on-site audit work covered on later days.The agenda begins with fundamental audit concepts and principles, reinforcing expectations for independence, objectivity, and professional judgment. It also addresses the impact of trends and technology in auditing, highlighting how audit methods and evidence sources continue to evolve.A core focus is evidence-based auditing. Participants learn how to identify, obtain, and evaluate audit evidence so conclusions are supported by verifiable information. Risk-based auditing is also emphasized, guiding auditors on how to prioritize effort based on compliance risk and potential impact.The day then moves into initiation of the audit process and stage 1 audit activities. Stage 1 audits are used to confirm scope, understand the CMS structure, and assess readiness for stage 2 activities. Proper preparation at this stage improves audit planning and reduces inefficiencies during execution.By the end of Day 2, participants have a clear framework for planning CMS audits, selecting appropriate techniques, and structuring audit activities in line with ISO 19011 guidance.
Strong audits are won or lost in preparation. Stage 1 work should clarify scope, risks, and evidence expectations so stage 2 effort is focused and productive.Risk-based thinking helps auditors spend time where it matters most, rather than treating all controls equally.
“Preparation and principles set the tone for the entire audit.”
ISO 37301 has shifted compliance from a legal function to a governance capability. This training prepares professionals to design, implement, and sustain a compliance management system that withstands regulatory scrutiny and operational reality.
View courseThis three-day course teaches you how to conduct and manage management system internal audits in line with ISO 19011 guidance and related best practices. You learn internal audit concepts, auditor competence and behavior, and common requirements across management system standards.
View courseThis course prepares experienced professionals to lead audits of Anti bribery Management Systems aligned with ISO 37001:2025. Participants develop the capability to evaluate real control environments, test anti bribery measures, and issue defensible audit conclusions.
View courseISO 37301 audits assess whether a compliance management system is designed, implemented, and maintained in line with defined requirements. The focus is on governance, controls, processes, and evidence supporting compliance activities.
byHenri HAENNI
Stage 1 focuses on initiating the audit and checking readiness against requirements. Stage 2 is where on-site audit activities are performed, including executing procedures, communicating with auditees, and using test plans.
byJean MUNYARUGERERO
ISO 19011 influences audits by emphasizing risk-based planning, sampling, evidence evaluation, and consistent reporting across the audit lifecycle.
byLekë ZOGAJ
ISO 37301 audits assess whether a compliance management system is designed, implemented, and maintained in line with defined requirements. The focus is on governance, controls, processes, and evidence supporting compliance activities.
The course teaches how to draft audit findings and nonconformity reports, perform quality review, close audits, and evaluate action plans as part of follow-up.
The course combines lectures with real-case examples, case-study-based practical exercises, review activities, and a practice test aligned with the certification exam.
The exam is domain-based, delivered online, and lasts three hours. It assesses CMS fundamentals, ISO 37301 requirements, and the full audit lifecycle including planning, execution, closing, and audit program management.
Browse all FAQs →
Full knowledge base
Necessary cookies are always active. You can accept, reject non-essential cookies, or customize your preferences.