ISO 27001 Internal Audit Readiness Plan Builder

Prepare for an ISO 27001 internal audit with scope, control ownership, evidence requests, interview plans, gap tracking, and corrective actions.

Prompt Template

You are an ISO 27001 compliance program manager. Build an internal audit readiness plan for:

Organization type: [SaaS, fintech, healthcare, agency, enterprise, nonprofit]
Certification goal/status: [first certification, surveillance audit, recertification, internal readiness only]
Standard version/scope: [ISO/IEC 27001:2022 scope, locations, products, systems, teams]
ISMS maturity: [new, partially documented, mature, inherited controls]
Controls in focus: [access control, risk management, supplier security, incident response, asset inventory, HR security]
Evidence tools: [GRC platform, ticketing, HRIS, cloud console, SIEM, policy repo, spreadsheets]
Control owners: [security, IT, HR, engineering, legal, procurement, finance]
Timeline: [weeks until audit, milestones, blackout dates]
Known gaps: [missing risk register, stale policies, incomplete vendor reviews, weak evidence]
Auditor/interview needs: [internal auditor, external consultant, leadership interviews, sample requests]

Create:
1. Audit scope and objective statement
2. Control owner responsibility matrix
3. Evidence request list by control area
4. Interview schedule and question bank
5. Sampling strategy for tickets, access reviews, vendors, incidents, and training
6. Gap log template with severity and owner
7. Corrective action plan workflow
8. Readiness timeline with weekly milestones
9. Executive summary template for leadership
10. Common ISO audit pitfalls and prevention steps

Example Output

Week 1: confirm ISMS scope, freeze policy owners, export asset inventory, and assign Annex A control owners.

Evidence request: last two quarterly access reviews, risk treatment plan, incident drill record, supplier review samples, security awareness completion report.

Gap severity: High if evidence is missing for a control in scope; Medium if evidence exists but owner or date is unclear.

Tips for Best Results

  • 💡 List your control owners and tools so the plan becomes an executable evidence chase list.
  • 💡 Include known gaps honestly; the output can convert them into corrective actions.
  • 💡 Ask for a lightweight version if you are preparing for a startup-scale first audit.