Joined: Aug 11, 2006 Posts: 262 Location: Netherlands
Posted: Wed Sep 06, 2006 3:02 am Post subject:
There are plenty of service management tools that support an automated workflow for (non standard) change management. Personally, I have good experience with both Assyst from Axios and HP Service Desk. I cannot believe that an auditor wants to see paperwork when you can have such a powerfull solution in operation.
The auditors I know are far more interested in evidence that the process and whether procedures have been followed rather than a paper signature that says they have. I'd go so far as to say that automation of such things that will not permit you to go any further without the appopriate authorisation are less subject to abuse than a paper based system.
Joined: Jan 01, 2006 Posts: 500 Location: New Jersey
Posted: Fri Sep 08, 2006 6:42 am Post subject:
Some things to keep in mind.
A few electronic systems out there, such as our own, require authenticated logins and ensure that every creation, modification, etc. to any and all data is fully timestamped, traced back to the resource performing the action, and that full history details are kept for detailed audit reviews. In such a case, we have yet to come across a single auditing organization that wouldn't accept the electronic data as the definitive source.
The only time it should be an issue is when there is no history and audit records can't be traced back to fully entitled and authenticated users of the system.
The other thing I recommend (on the assumption that the auditors are internal) is to go to the auditing organization and simply ask "why" they require a manual signature. You might find that this might simply be an antiquated/legacy policy that could easily be updated to match the digital age and more modern practices, especially if you can make auditors' lives easier and provide them with more (and more accurate) information. If the auditors are external, then you may want to question their ability to perform quality audits, because we have some of the biggest auditing firms in the world, here in the US, and they're pretty open to accepting electronic trails.
Anyhow, I hope this helps.
Regards, _________________ [Edited by Admin to remove link]
Joined: Aug 14, 2006 Posts: 16 Location: London, UK
Posted: Mon Sep 18, 2006 10:31 pm Post subject:
When you say auditors, what is it they are auditing?
I think the answers so far have focused on the audit of the processes/procedures.
In my organisation we have auditors for this purpose but also financial audits which are entirely seperate from the service management audits.
The financial auditors prefer to see physical signed copies as they are probably harder to forge but a wider initiative has overrulled them by the introduction of e-filing tool etc which contains an electronic audit trail anyway.
As long as what, who, when and how is recorded it keeps everyone happy. Almost all of the SM tools will have some sort of facility to do this.
get them to define exactly which categories of change require a written signature: keep the scope tight. For only those ones, make one step in the workflow be to print it out and get it signed and file it. For everything else just get on with life. _________________ The IT Skeptic
see you at itskeptic.org
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum