During the audit, an auditor might ask for the following evidence regarding ISO 27001 clause 9.2 Internal audit:
1. To show mandatory documents - Internal audit program, Internal audit report, and nonconformities.
2. If your internal auditor is not in a conflict of interest, and if she is competent for performing the audit.
3. If your Internal audit program has all the mandatory elements - responsibilities, frequency, audit methods, and audit criteria.
4. If the Internal audit report has been reported to the top management, and if it was reviewed during the management review.
5. If the internal auditor has audited the whole ISMS scope.
6. If the internal auditor has taken into account all security requirements - e.g., ISO 27001, internal policies and procedures, and requirements from interested parties.