Most of us like to know when we did something well. It’s even better if it comes in writing. On the other side, if something is not as it should be – there are a lot of arguments as to why it needs to be documented. It’s the same with your ISO 20000-based Service Management System (SMS) – compliance as well as non-compliance with the standard should be evaluated and results documented.
Of course, we can wait until the surveillance audit takes place, but it’s not as easy as that. ISO 20000 requires that internal audits be performed on a regular basis. So, you’ll have to check the compliance of your SMS with the standard. And, you’ll need to document the findings. This internal audit is the mechanism I just described.
What is it?
Besides the fact that the internal audit must be well planned, the standard requires that you record the results of the internal audit. That’s where the ISO 20000 Audit checklist report comes into play. The internal audit report is, basically, the document where findings of the internal audit are recorded.
The internal audit report protects the value that the internal audit creates. This sounds complex, but it’s not. Namely, the internal audit will detect what was done well or what was done incorrectly. It will also detect nonconformities according to the standard’s requirements as well as opportunities for improvement. All of these elements could get lost if they are not documented in an orderly fashion and followed up on.
The content
The standard doesn’t set direct requirements for the internal audit report’s content. But, because the standard sets requirements for the internal audit, one can infer the content of the report. The internal audit has to check:
- the compliance of the SMS with the standard,
- whether the SMS fulfils the service requirements, and
- whether the SMS is effectively implemented.
- You can see that the internal audit report has to encompass all aspects of the SMS (i.e., functional and standard-, service-, and customer-related).
- The following items are usually found in internal audit reports:
- General data – dates of the audit and report, person responsible for the audit, etc.
- Scope of the internal audit – what was audited
- Improvement recommendations – meaning, no nonconformities, but something could be done better that it is now
- Nonconformities identified – the most important part of the internal audit report
There is no prescribed or one-template-fits-all document, but it’s important that the internal audit report contains all relevant data that leads to eliminating the nonconformity or implementing the improvement recommendation. So, you are free to adapt it to your business.