{"id":6873,"date":"2017-03-07T17:05:59","date_gmt":"2017-03-07T17:05:59","guid":{"rendered":"https:\/\/multiacademstg.wpengine.com\/20000academy\/?p=6873"},"modified":"2024-12-12T16:44:41","modified_gmt":"2024-12-12T16:44:41","slug":"what-is-the-purpose-of-the-internal-audit-report-in-iso-20000","status":"publish","type":"post","link":"https:\/\/staging.advisera.com\/20000academy\/blog\/2017\/03\/07\/what-is-the-purpose-of-the-internal-audit-report-in-iso-20000\/","title":{"rendered":"What is the purpose of the internal audit report in ISO 20000?"},"content":{"rendered":"<p>Most of us like to know when we did something well. It\u2019s even better if it comes in writing. On the other side, if something is not as it should be \u2013 there are a lot of arguments as to why it needs to be documented. It\u2019s the same with your <a href=\"https:\/\/staging.advisera.com\/20000academy\/what-is-iso-20000\/\" target=\"_blank\" rel=\"noopener noreferrer\">ISO 20000<\/a>-based Service Management System (SMS) \u2013 compliance as well as non-compliance with the standard should be evaluated and results documented.<\/p>\n<p>Of course, we can wait until the surveillance audit takes place, but it\u2019s not as easy as that. ISO 20000 requires that internal audits be performed on a regular basis. So, you\u2019ll have to check the compliance of your SMS with the standard. And, you\u2019ll need to document the findings. This internal audit is the mechanism I just described.<\/p>\n<h2>What is it?<\/h2>\n<p>Besides the fact that the internal audit must be well <a href=\"https:\/\/staging.advisera.com\/20000academy\/documentation\/annual-internal-audit-program-iso-20000\/\" target=\"_blank\" rel=\"noopener noreferrer\">planned<\/a>, the standard requires that you record the results of the internal audit. That\u2019s where the internal audit report comes into play. The internal audit report is, basically, the document where findings of the internal audit are recorded.<\/p>\n<p>The internal audit report protects the value that the internal audit creates. This sounds complex, but it\u2019s not. Namely, the internal audit will detect what was done well or what was done incorrectly. It will also detect nonconformities according to the standard\u2019s requirements as well as opportunities for improvement. All of these elements could get lost if they are not documented in an orderly fashion and followed up on.<br \/>\n<div id=\"middle-banner\" class=\"banner-shortcode\"><\/div><script>loadMiddleBanner();<\/script><br \/>\n<div id=\"side-banner-trigger\" class=\"banner-shortcode\"><\/div><\/p>\n<h2>The content<\/h2>\n<p>The standard doesn\u2019t set direct requirements for the <a href=\"https:\/\/staging.advisera.com\/20000academy\/documentation\/internal-audit-report-iso-20000\/\" target=\"_blank\" rel=\"noopener noreferrer\">internal audit report\u2019s<\/a>\u00a0content. But, because the standard sets requirements for the internal audit, one can infer the content of the report. The internal audit has to check:<\/p>\n<ul>\n<li>the compliance of the SMS with the standard,<\/li>\n<li>whether the SMS fulfills the service requirements, and<\/li>\n<li>whether the SMS is effectively implemented.<\/li>\n<\/ul>\n<p>You can see that the internal audit report has to encompass all aspects of the SMS (i.e., functional and standard-, service-, and customer-related).<\/p>\n<p>The following items are usually found in internal audit reports:<\/p>\n<ul>\n<li>General data \u2013 dates of the audit and report, person responsible for the audit, etc.<\/li>\n<li>Scope of the internal audit \u2013 what was audited<\/li>\n<li>Improvement recommendations \u2013 meaning, no nonconformities, but something could be done better that it is now<\/li>\n<li>Nonconformities identified \u2013 the most important part of the internal audit report<\/li>\n<\/ul>\n<p>There is no prescribed or one-template-fits-all document, but it\u2019s important that the internal audit report contains all relevant data that leads to eliminating the nonconformity or implementing the improvement recommendation. So, you are free to adapt it to your business.<\/p>\n<h2>What\u2019s the use?<\/h2>\n<p>Compared to the report of the certification audit (issued by the certification body), the <a href=\"https:\/\/staging.advisera.com\/20000academy\/documentation\/procedure-for-internal-audit\/\" target=\"_blank\" rel=\"noopener noreferrer\">internal audit<\/a>\u00a0report includes an internal view on the SMS. Of course, it confirms that the SMS has fulfilled all ISO 20000 requirements (or, maybe not), but it also provides recommendations for improvements where the SMS fulfills the requirements of the standard, but something could be done better. In essence, the internal audit challenges how the implemented standard underpins the business activities of the company.<\/p>\n<p>For example, you can have incident management implemented according to the standard, and nothing is missing, so you could assume that everything is OK. But, the internal audit reveals that your staff involved in incident management communicates very poorly (using techie language) with non-technical users. So, the level of understanding is almost zero. Users are keen to contact the Help Desk. If you check only incident management, you would get the impression that the process is OK and the company does not have any issues in that area. But, looking around \u2013 there are places for improvement.<\/p>\n<p>So, besides checking compliance with the standard and taking a critical look at the application of the SMS on daily activities, the internal audit report is used in management review and should be communicated to all interested parties. That means that the internal audit report should be used by everyone in the organization (not only top management at the management review meeting) who is affected by the SMS\u2019s (non) efficiency.<\/p>\n<h2>It\u2019s your tool, anyway<\/h2>\n<p>The internal audit and related internal audit report should not be just a bureaucratic step in the lifecycle of your <a href=\"https:\/\/staging.advisera.com\/20000academy\/iso-20000-documentation-toolkit\/?rel=sms-related-documents&#038;doc=service-management-system-scope\" target=\"_blank\" rel=\"noopener\">SMS<\/a>. If you take a business view and use of the SMS, stay positive during the audit, and have improvement in mind while writing the report \u2013 there should be fewer people who would find themselves pointed out (in a negative way) in the report.<\/p>\n<p>Additionally, if you write your internal audit report in a positive and easy-to-understand tone, you create a constructive tool that will be used by the organization to become more efficient, as well as more user- and service-oriented. Having that in mind, the internal audit will turn from being a \u201cnecessary evil\u201d into a \u201chidden weapon\u201d that your competition may not have.<\/p>\n<p><em>To implement ISO 20000 easily and efficiently, use our<\/em> <a href=\"https:\/\/staging.advisera.com\/20000academy\/iso-20000-documentation-toolkit\/\" target=\"_blank\" rel=\"noopener\">ISO 20000 Documentation Toolkit<\/a> <em>that provides step-by-step guidance for full ISO 20000 compliance.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Most of us like to know when we did something well. It\u2019s even better if it comes in writing. On the other side, if something is not as it should be \u2013 there are a lot of arguments as to why it needs to be documented. It\u2019s the same with your ISO 20000-based Service Management &#8230;<\/p>\n","protected":false},"author":32,"featured_media":6875,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[574,125,572,366,573],"class_list":["post-6873","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-improvement-recommendation","tag-internal-audit","tag-internal-audit-report","tag-iso-20000","tag-nonconformity"],"acf":[],"_links":{"self":[{"href":"https:\/\/staging.advisera.com\/20000academy\/wp-json\/wp\/v2\/posts\/6873","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/staging.advisera.com\/20000academy\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/staging.advisera.com\/20000academy\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/staging.advisera.com\/20000academy\/wp-json\/wp\/v2\/users\/32"}],"replies":[{"embeddable":true,"href":"https:\/\/staging.advisera.com\/20000academy\/wp-json\/wp\/v2\/comments?post=6873"}],"version-history":[{"count":3,"href":"https:\/\/staging.advisera.com\/20000academy\/wp-json\/wp\/v2\/posts\/6873\/revisions"}],"predecessor-version":[{"id":17955,"href":"https:\/\/staging.advisera.com\/20000academy\/wp-json\/wp\/v2\/posts\/6873\/revisions\/17955"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/staging.advisera.com\/20000academy\/wp-json\/wp\/v2\/media\/6875"}],"wp:attachment":[{"href":"https:\/\/staging.advisera.com\/20000academy\/wp-json\/wp\/v2\/media?parent=6873"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/staging.advisera.com\/20000academy\/wp-json\/wp\/v2\/categories?post=6873"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/staging.advisera.com\/20000academy\/wp-json\/wp\/v2\/tags?post=6873"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}