Itil Audit Checklist
4 4.1 Service Management system/Management Responsibility 4.1.1 101 Management commitment -Service Policy, scope Has the management established a service policy and objectives? Look for the date of release of policy, authorisation, evidences of wide publicity 102 Objectives for service management Are objectives derived from the service policy? Look for function/dept wise objectives. Check for a review that objectives are current and address the various elements of policy. 103 communicating the importance of fulfilling service requirements How well has the communication on service policy been done?
Checklists are an essential tool to minimise errors and maximise efficiency when. Used in assessment and audit to ensure all accountabilities, capabilities. Lists are generic to any industry, they are a perfect fit for ITSM and ITIL processes.
Take the channels of communication (web site, notice boards) and look for the impact. You may ask 3 persons, preferably those who have joined recently and ascertain the reach of the communication 104 communicating the importance of fulfilling statutory and legal requirements What are the means of communicating the regulatory and legal requirements?
Same as above 105 ensuring provision of resources How does the top management provide adequate resources for the establishment of a service management system? Check annual budget and the allocations made for improvements related to service delivery and customer satisfaction. 106 conducting management reviews Have the management reviews been conducted as required by the manual? Check the Minutes of Meeting and the presence of top management among attendees. Check for actions. 107 Ensuring risks are assessed and managed How well the process of risk assessment been deployed? Is there a risk assessment system for each service in place?
4.1.2 111 Establishment of service policy as per a to e Has the service policy been reviewed for adequacy? In what periodicity is it reviewed? Check with people how well they understand the policy and how they have internalised it in their functions. 4.1.3 121 Defining authorities and responsibilities Is the present organisation chart comprehensive enough to include all responsibilities as envisaged by the standard? Select a few aspects of service management like Information security and check whether the roles have been clearly defined.
Look for all locations and check for overlaps and gaps. 122 documented procedure for communication Is a documented procedure for internal communication available? Check for the instances in which the procedure has been deployed. Like appointment of MR or internal audit schedule. 4.1.4 131 Appointment of MR Has the MR been appointed from the internal staff? Look for the appointment letter and check whether the role is reporting is to the top management. 132 MR's work (see a to e) Does MR have the required mandate to carry out his/her responsibilities as defined in the standard?
Take two or three areas from standard like a) planning of internal audits b) reports to top management on implementation of standard or c) the status of licenses for software products used as part of service delivery 4.2 133 Governance of processes under others ( see a to d) How is the Governance process led by top management? Which are the internal groups and vendors who are covered by the Governance process currently? Check that the a) service providers and vendor selection mechanism exists b) vendors have defined the service delivery processes c) accountability exists for processes. This has to overlap with cl no 7.2for external suppliers and 6.1 for internal groups. 4.3.1 141 Establishing and maintaining documents is there a master list of documents? Are the release of documents done after due approval?
Is there a system for version control? Check a few entries in master list verify with actual documents, and check a few documents and trace it to the master list for correct version.
4.3.2 151 Control of Documents- Procedure Is there a procedure for control of documents and is it followed? Take some key documents like Service level agreements or service catalogues and check for all aspects of conformance to documents control procedure 4.3.3 161 Control of Records- procedure Is there a procedure for control of records and is it followed? Take some key records like back up records or audit reports and check for all aspects of conformance to procedure 4.4.1 171 Determination of resources and provision How timely the resources are provided to enable the company to improve service management system and customer satisfaction? Take a few resource requests from associates like requirement for software and check that they have been approved depending on priority.
Note any case of customer dissatisfaction due to inadequacy in provision of resources. 4.4.2 181 Competency determination for personnel Is there a process for determining the competency of existing people and providing the necessary training (or taking othe r actions ) to improve them?
Itil Incident Management Audit Checklist
Check for 10% (20 which ever is lesser) of the key resources across functions that competencies are mapped and if there are gaps, actions are taken. 182 Training for people is there a structured plan for training people and is it well deployed Take the training plan/calendar and check for the successful completion of programmes, nominations.