ISO/IEC 42001 Internal Audit Prep
Evidence readiness, internal audit cycle support, and mock audit preparation before Stage 1/2 — so your AIMS is not just “described”, but provable.
Why internal audit prep matters
Stage 1/2 audits rarely fail because you “didn’t have a policy”. They fail because roles, controls, and evidence don’t connect to real AI operations. We fix that with an auditor-style approach, but with engineering realism.
Evidence readiness
Evidence binder structure + gaps list, so you know what’s missing and who owns it.
Internal audit cycle
Audit program, checklists, sampling logic, interview scripts, CAPA tracking and closure.
Mock audit rehearsal
A realistic “auditor Q&A” run-through and a final readiness heatmap before Stage 1/2.
What’s included
Choose the level you need: from evidence cleanup to a full internal-audit + mock-audit sprint.
Evidence readiness pack
We build a simple evidence map that auditors can follow: requirement → control → evidence → owner.
- Evidence binder structure (folders + naming conventions)
- Evidence list with owners + retrieval links
- Gap list + quick wins vs. structural fixes
- Portfolio overview: AI inventory sanity check (scope boundaries)
Internal audit cycle support
We run (or co-run) an internal audit that produces credible findings and CAPA actions — aligned with ISO-style auditing.
- Internal audit program + scope statement + sampling plan
- Audit checklists and interview scripts (auditor-friendly)
- Audit execution support (interviews + evidence review)
- Findings write-up (NC/OFI) + CAPA tracking + closure proof
Mock audit preparation (Stage 1/2 rehearsal)
A realistic rehearsal designed to surface the questions auditors will ask and the evidence they expect — including operational controls for AI systems (change control, evals, monitoring, incident response).
- Mock audit agenda + stakeholder interview plan
- Evidence walk-through: “show me” drills
- Readiness heatmap + top risks before Stage 1/2
- Red-team questions: governance, oversight, supplier controls
- Remediation plan: owners, timing, quick fixes vs deeper work
- Optional: executive debrief slides for leadership
Who this is for
Ideal for organizations that want ISO/IEC 42001 audit readiness without surprises — especially if you already run ISO 27001 / 9001 processes and want to reuse them.
Good fit if you…
- Are targeting Stage 1/2 with a cert body in the next 2–4 months
- Have at least one AI system in scope and need evidence-ready controls
- Need internal audit outputs (findings + CAPA) to demonstrate maturity
- Want a pragmatic bridge between governance, legal, and engineering
We clarify early if…
- Your AIMS scope is not defined (we can fix scope first)
- Evidence sources are spread across teams/tools with no ownership
- You need operational controls (evals/logging/gates) before audit (we’ll propose an AI-Ops Sprint)
Pricing approach
Scoping is fast. We estimate effort based on maturity, number of AI systems, and audit timeline.
What drives scope
- Number of AI systems in AIMS scope + risk level
- Existing ISO 27001/9001 maturity (reuse reduces cost)
- Evidence availability (already structured vs scattered)
- Whether you need a full internal audit cycle + CAPA support
- How close you are to Stage 1/2 (timeline compression)
Typical engagement formats
Want to reduce Stage 1/2 audit risk?
In a short call we’ll pick the right lane (evidence-only, internal audit cycle, mock audit rehearsal), define owners, and set a timeline to get you audit-ready.
Book a Free 30-min Call