The results of the audit:

a) Are the evaluation results of the audit evidence gathered against the audit

criteria.

b) They are considered findings and can be classified as conformity or

nonconformity.

c) It is an audit method to reach reliable conclusions.

d) If the audit criteria are selected from legal requirements or regulatory

requirements, the audit finding is referred to as compliance or noncompliance.

It establishes that the organization must define a risk assessment process:

It establishes that the organization must implement the risk treatment

process:

These are risk management strategies except:

Type of strategy where the implementation of a control to reduce the level of

risk is defined:

The “Statement of Applicability” must contain:

According to ISO 19011:2018 audit is defined as a systematic, independent,

documented process for obtaining evidence and evaluating it objectively, in

order to determine the extent to which the audit criteria are met.