What is the purpose of the internal audit report in ISO 20000?

Most of us like to know when we did something well. It’s even better if it comes in writing. On the other side, if something is not as it should be – there are a lot of arguments as to why it needs to be documented. It’s the same with your ISO 20000-based Service Management System (SMS) – compliance as well as non-compliance with the standard should be evaluated and results documented.

Of course, we can wait until the surveillance audit takes place, but it’s not as easy as that. ISO 20000 requires that internal audits be performed on a regular basis. So, you’ll have to check the compliance of your SMS with the standard. And, you’ll need to document the findings. This internal audit is the mechanism I just described.

What is it?

Besides the fact that the internal audit must be well planned, the standard requires that you record the results of the internal audit. That’s where the ISO 20000 Audit checklist report comes into play. The internal audit report is, basically, the document where findings of the internal audit are recorded.

The internal audit report protects the value that the internal audit creates. This sounds complex, but it’s not. Namely, the internal audit will detect what was done well or what was done incorrectly. It will also detect nonconformities according to the standard’s requirements as well as opportunities for improvement. All of these elements could get lost if they are not documented in an orderly fashion and followed up on.

The content

The standard doesn’t set direct requirements for the internal audit report’s content. But, because the standard sets requirements for the internal audit, one can infer the content of the report. The internal audit has to check:

• the compliance of the SMS with the standard,
• whether the SMS fulfils the service requirements, and
• whether the SMS is effectively implemented.
• You can see that the internal audit report has to encompass all aspects of the SMS (i.e., functional and standard-, service-, and customer-related).
• The following items are usually found in internal audit reports:
• General data – dates of the audit and report, person responsible for the audit, etc.
• Scope of the internal audit – what was audited
• Improvement recommendations – meaning, no nonconformities, but something could be done better that it is now
• Nonconformities identified – the most important part of the internal audit report

There is no prescribed or one-template-fits-all document, but it’s important that the internal audit report contains all relevant data that leads to eliminating the nonconformity or implementing the improvement recommendation. So, you are free to adapt it to your business.

5 benefits of ITIL Change Management implementation

While growing and gathering know-how, IT service providers get more knowledgeable and experienced. That means performing the same job in less time, using less effort, and with greater efficiency. Many processes, i.e., activities are growing in maturity as the company grows. Sometimes, this ends up good, but it can also go in the opposite way. Building up processes and organization based on experience is OK if you are sure that you are going in the right direction.

ISO 20000:2018 offered by us has been carefully developed, that covers each and every requirement for documentation process and is used globally by many organization for making the best system with ISO 20000 certification.

The benefits

Being one of the most important and sensible processes, the Change Management process has to be implemented. But, besides “we have to implement the process,” are there any benefits that an efficiently implemented process brings? Because if you (and your management) are clear on what benefits the implementation of the Change Management process brings, it will be much easier to motivate yourself and your staff, and gain sponsorship from the management. So, what are the benefits of successful Change Management process implementation? Or, to put it another way, how would you explain a need for implementation of the Change Management process in your organization? Here are a few of the most important ones:

Customer satisfaction is proportional to the efficiency of the Change Management process. Failed changes are visible to your customers and influence their satisfaction, or dissatisfaction, with services you provide. Customers are watching what you are doing – from announcing a change until the change implementation finishes. Keep in mind that customers pay your bill. Unsatisfied customer will maybe pay the bill, but certainly not for long.

Protection of services in the live environment – well, you should be particularly careful with live services. Every malfunction or new incident is highly visible. And, to be sure, your users don’t like them. As we said before, unsuccessful changes or changes that are handled with low quality are quite often causing new incidents on, you guessed it – live services.

Reduction in number of unauthorized changes – that is a test of your management skills. Meaning, unauthorized changes happen when there is no process in place, or where the process is not managed and monitored. Let’s say – you are responsible for an ITSM organization.

Easier follow-up on business changes – it’s not a secret that the business environment is quite often – changing. And, IT services have to follow up. By having a managed Change Management process you will ensure efficient interfaces toward the business and success in implementation. That includes faster reaction to changing business requirements and efficiency of business processes after changes are implemented.

Improved staff efficiency – to explain this, let me ask you – do you like to work in a chaotic and uncontrolled environment? Most probably – no. So, neither do your colleagues and employees. They will appreciate a managed environment, which includes the change process as well. In such way they will know what their tasks are, what their responsibilities or other peoples are who are involved in the Change Management process, who is authorizing changes, etc.