{"id":8176,"date":"2018-04-11T13:53:44","date_gmt":"2018-04-11T13:53:44","guid":{"rendered":"https:\/\/multiacademstg.wpengine.com\/20000academy\/?p=8176"},"modified":"2024-12-12T13:41:44","modified_gmt":"2024-12-12T13:41:44","slug":"how-to-prepare-for-an-iso-20000-internal-audit","status":"publish","type":"post","link":"https:\/\/staging.advisera.com\/20000academy\/blog\/2018\/04\/11\/how-to-prepare-for-an-iso-20000-internal-audit\/","title":{"rendered":"How to prepare for an ISO 20000 internal audit"},"content":{"rendered":"<p>An internal audit of your <a href=\"https:\/\/staging.advisera.com\/20000academy\/what-is-iso-20000\/\" target=\"_blank\" rel=\"noopener noreferrer\">ISO 20000<\/a> Information Technology Service Management (ITSM) system is a useful management tool. Properly prepared and managed, the internal audit gives an overview of how the organization \u2013 and the IT services it delivers \u2013 are set up, managed, and improved. But, after spending months to implement ISO 20000, many people involved in the implementation think that the internal audit is just one more checkbox to be ticked before the \u201creal\u201d auditor comes.<\/p>\n<p>Besides the fact that ISO 20000 (like other international standards) requires an <a href=\"https:\/\/staging.advisera.com\/20000academy\/iso-20000-documentation-toolkit\/?rel=sms-related-documents&#038;doc=procedure-for-internal-audit\" target=\"_blank\" rel=\"noopener\">internal audit<\/a> as a mandatory step before the certification audit, the internal audit is an organization\u2019s tool to assess the current state of their ITSM system. But, to be sure that the internal audit is efficient, there are a few steps that need to be taken care of.<\/p>\n<h2>Keep control<\/h2>\n<p>When we discuss the internal audit, companies usually have their own approach based on their size, the type of business they do, implementation of the service management system (SMS), etc. But, there are some steps that the majority of organizations need to consider while preparing for the internal audit:<\/p>\n<p><strong>1) Recruit and train your internal auditor<\/strong> \u2013 First of all, ISO 20000 prohibits auditors from auditing their own work, and for good reason. Therefore, you need to look for one or more people who are independent from the implementation project and educate them on how to perform an internal audit of the ITSM system. There are few options for that. It\u2019s quite common for organizations to use their own employees who, on a part-time basis, perform the role of internal auditor. Then, there are companies that have their own internal auditors (particularly in larger organizations), and finally, there are companies that engage external parties for the internal audit.<br \/>\n<div id=\"middle-banner\" class=\"banner-shortcode\"><\/div><script>loadMiddleBanner();<\/script><br \/>\n<div id=\"side-banner-trigger\" class=\"banner-shortcode\"><\/div><br \/>\n<strong>2) Make it official<\/strong> \u2013 The standard requires a documented procedure for the internal audit with defined authorities and responsibilities. Also, the <a href=\"https:\/\/staging.advisera.com\/20000academy\/iso-20000-documentation-toolkit\/?rel=sms-related-documents&#038;doc=annual-internal-audit-program\" target=\"_blank\" rel=\"noopener\">internal audit plan<\/a> should be prepared, along with the time schedule of the audit. Afterward, the audit report and nonconformities must be documented. Although it seems bureaucratic, it\u2019s actually quite useful because this way, everyone involved will know exactly what to do. Read the article <a href=\"https:\/\/staging.advisera.com\/20000academy\/blog\/2016\/06\/07\/iso-20000-internal-audit-what-is-it-and-why-is-it-important\/\" target=\"_blank\" rel=\"noopener noreferrer\">ISO 20000 internal audit \u2013 What is it and why is it important?<\/a>\u00a0to learn more about the internal audit.<\/p>\n<p><strong>3) Prepare for the audit<\/strong> \u2013 \u201cHomework\u201d needs to be done before the audit, and the results of that preparation will be reflected in the internal audit checklist. Your internal auditors need to be familiar with the standard\u2019s requirements, as well as the scope of the implementation. Additionally, they will need to have clear understanding about the IT services the company provides, the organizational setup, and the processes that support the services. In this way, they will have clear view of the relationship between the standard\u2019s requirements and services you provide. Good preparation of your internal auditors includes a review of the results of previous internal and certification audits. Work done during the preparation will be checked once the internal audit starts. Read the article <a href=\"https:\/\/staging.advisera.com\/20000academy\/blog\/2016\/11\/08\/how-to-create-an-iso-20000-internal-audit-checklist\/\" target=\"_blank\" rel=\"noopener noreferrer\">How to create an ISO 20000 internal audit checklist<\/a>\u00a0to see how to create the checklist for the internal audit.<\/p>\n<p><strong>4)<\/strong> <strong>Prepare your employees<\/strong> \u2013 This is one of the more difficult steps. Usually, employees see the audit as a management tool used to find mistakes in the way someone performs his job. Let\u2019s be straight \u2013 there are many methods one could use to estimate someone\u2019s efficiency, but the internal audit shouldn\u2019t be one of them. Instead, the internal audit should be communicated and presented to your employees as an improvement tool, which is also how corrective actions should be presented.<\/p>\n<p><strong>5) Involve top management<\/strong> \u2013 All of the above mentioned about preparing your employees will be highly influenced by the top management\u2019s approach to the internal audit. Top management needs to see the internal audit from the perspective of potential improvement (not as a tool for finding fault) and should be involved in approving internal audit-related documents (like the procedure and audit plan). They should also actively participate in results analysis (e.g., by reading the internal audit report and ensuring that corrective actions are implemented). In this way, employees will see that the internal audit is not used to find someone to blame, but to make positive progress in the company\u2019s IT Service Management.<\/p>\n<p>Regardless of whether you use an internal or an external auditor, all these steps need to be done. If you do use an external auditor to perform the internal audit for you, then you\u2019ll need someone inside your organization to be his helping hand (e.g., to organize the people involved, to create awareness inside the organization and among its employees, to communicate and help the auditor with top management and their involvement, etc.).<\/p>\n<h2>Forget perfection<\/h2>\n<p>Everyone involved in the SMS has some responsibility for the internal audit. Top management should not see it as an overhead cost, but approach it seriously and put it on their regular agenda. SMS management needs to educate all involved employees and proactively manage preparation and execution of the internal audit. Later on, after the internal audit is finished, they need to manage all actions related to any nonconformities that were found. Employees should dedicate their time to actively participate and cooperate with auditors.<\/p>\n<p>Nothing in the world is perfect. The same applies for the implemented SMS, too. Therefore, the internal audit is an excellent tool to detect imperfections (i.e., nonconformities) that could potentially harm the SMS and the IT services it supports. Your customers are the users of your services and, for sure, no one wants to put their satisfaction in danger.<\/p>\n<p><em>To implement ISO 20000 easily and efficiently, use our<\/em> <a href=\"https:\/\/staging.advisera.com\/20000academy\/iso-20000-documentation-toolkit\/\" target=\"_blank\" rel=\"noopener\">ISO 20000 Documentation Toolkit<\/a> <em>that provides step-by-step guidance for full ISO 20000 compliance.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>An internal audit of your ISO 20000 Information Technology Service Management (ITSM) system is a useful management tool. Properly prepared and managed, the internal audit gives an overview of how the organization \u2013 and the IT services it delivers \u2013 are set up, managed, and improved. But, after spending months to implement ISO 20000, many &#8230;<\/p>\n","protected":false},"author":32,"featured_media":8177,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[125,366,344],"class_list":["post-8176","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-internal-audit","tag-iso-20000","tag-itil"],"acf":[],"_links":{"self":[{"href":"https:\/\/staging.advisera.com\/20000academy\/wp-json\/wp\/v2\/posts\/8176","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/staging.advisera.com\/20000academy\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/staging.advisera.com\/20000academy\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/staging.advisera.com\/20000academy\/wp-json\/wp\/v2\/users\/32"}],"replies":[{"embeddable":true,"href":"https:\/\/staging.advisera.com\/20000academy\/wp-json\/wp\/v2\/comments?post=8176"}],"version-history":[{"count":2,"href":"https:\/\/staging.advisera.com\/20000academy\/wp-json\/wp\/v2\/posts\/8176\/revisions"}],"predecessor-version":[{"id":17932,"href":"https:\/\/staging.advisera.com\/20000academy\/wp-json\/wp\/v2\/posts\/8176\/revisions\/17932"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/staging.advisera.com\/20000academy\/wp-json\/wp\/v2\/media\/8177"}],"wp:attachment":[{"href":"https:\/\/staging.advisera.com\/20000academy\/wp-json\/wp\/v2\/media?parent=8176"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/staging.advisera.com\/20000academy\/wp-json\/wp\/v2\/categories?post=8176"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/staging.advisera.com\/20000academy\/wp-json\/wp\/v2\/tags?post=8176"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}