Create an account Home  ·  Topics  ·  Downloads  ·  Your Account  ·  Submit News  ·  Top 10  
· Home
· Content
· Feedback
· News
· Search
· Statistics
· Surveys
· Top
· Topics
· Web Links
· Your_Account


The five ITIL books can be obtained directly from the publisher's website:

Or as downloadable PDFs: HERE

Current Membership

Latest: SEOpumma
New Today: 4
New Yesterday: 26
Overall: 231715

People Online:
Visitors: 109
Members: 0
Total: 109



Don't have an account yet? You can create one. As a registered user you have some advantages like theme manager, comments configuration and post comments with your name.

Related Resources

Service related resources
Service Level Agreement

How to set up
IT Change Management
Process Info-Graphic

NOTE: ITIL is a registered trademark of OGC. This portal is totally independent and is in no way related to them. See our Feedback Page for more information.


Select Interface Language:

Please contact us via the feedback page to discuss advertising rates.

The Itil Community Forum: Forums

ITIL :: View topic - Why Perform Config Management Audit
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Why Perform Config Management Audit

Post new topic   Reply to topic    ITIL Forum Index -> Configuration Management
View previous topic :: View next topic  
Author Message

Joined: Aug 08, 2007
Posts: 1

PostPosted: Thu Aug 09, 2007 1:15 am    Post subject: Why Perform Config Management Audit Reply with quote

I am preparing a management report that will act as a means of explaining to every one in IT department whay we perform Config Management audits.
While I personally know the reason for performing such audits, would anybody help me point to a few points that describes why such an audit should be performed?

Back to top
View user's profile
Senior Itiler

Joined: Sep 16, 2006
Posts: 3597
Location: London, UK

PostPosted: Thu Aug 09, 2007 3:17 am    Post subject: Reply with quote

Then you should use your reason for the audit ... sarcasm off .. on by default.

The premise behind Configuration Management


Status Accounting

It is the only way to ensure you have what you say you have and where they are.
John Hardesty
ITSM Manager's Certificate (Red Badge)

Change Management is POWER & CONTROL. /....evil laughter
Back to top
View user's profile

Joined: Jul 20, 2007
Posts: 2

PostPosted: Fri Aug 10, 2007 10:05 pm    Post subject: Why audit? Well, what if you don't? Reply with quote

The OGC manual is very clear on audits:

"The configuration audits should check in addition that Change and Release records have been properly authorised by Change Management and that implemented Changes are as authorised. Configuration audits should be considered at the following times:
1. Shortly after implementation of a new Configuration Management System
2. Before and after major changes to the IT infrastructure
3. Before a software release or installation to ensure that the environment is as expected
4. Following recovery from disasters and after a "return to normal"(This audit should be included in the contingency plan)
5. at random intervals
6. In response to the detection of any unauthorised CI's
7. At regular intervals

There you have it. Ofcourse, OGC is best practices and mind the word "should be considered". But, lets see what happens if you do not audit. Any idea on how your CMDB performs? Is it 80% accurate, or 90% or maybe even 30%. Do you get a lot of incidents as result from changes that have not had a proper impact analysis? Does it cost a lot of time to recover those "errors"?

The question is not "do I have to audit?" But "how am i going to perform an audit in an efficent way?".
Back to top
View user's profile
Senior Itiler

Joined: Jan 03, 2007
Posts: 189
Location: Redmond, WA

PostPosted: Sat Aug 11, 2007 12:28 am    Post subject: Reply with quote

You should also perform audits to ensure that the organization is compliant to the Configuration Management process. When measuring Key Performance Indicators (KPIs), you should measure against:

Value (show me the money)
Performance (how fast or how many)
Quality (how well or accurate)
and Compliance (are we doing what we are supposed to be doing)

And all of your process should have some representation of metrics from each of these categories. A CMDB audit is a key Compliance measurement.
Back to top
View user's profile
Senior Itiler

Joined: Jan 01, 2006
Posts: 500
Location: New Jersey

PostPosted: Sun Aug 26, 2007 4:02 pm    Post subject: Reply with quote

Hello Anand,

Your management, if they're like most management, won't care about what the OGC has to say or why IT thinks you should be auditing your configurations.

Very simply, in order to make it worth "their" while, you will need to break things down in terms of concepts they will understand. I recommend you use drivers such as:

- Minimization/Reduction of Costs associated with poor quality of work
- Risk of poor corporate brand perception, based on customer and market interpretation of corporate capability
- Minimization of labor execution costs through proof of automation
- Proof of control over inventories to ensure optimized spend and appropriate depreciation
- Etc.

The truth is that if you're a mature enterprise, you will have automated most of your processes for things like builds (excluding physical infrastructure), deployments, installations, instantiations, executions, rollbacks, administrative monitoring, etc. Each piece of any one of these processes should have "expected configurations" that can be compared to "actual configurations".

Remember, your leaders think in terms of "money", not "IT". And, to most leaders, IT is an expense. Therefore, focusing on what's important to them will help them understand the need for it. If you focus on what's important to you, your team, or the OGC, you run a strong risk of not getting the support you will need from your leadership.

My Best,

Frank Guerino, CEO
On-Demand ITIL
Back to top
View user's profile Send e-mail Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    ITIL Forum Index -> Configuration Management All times are GMT + 10 Hours
Page 1 of 1

Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Powered by phpBB 2.0.8 © 2001 phpBB Group
phpBB port v2.1 based on Tom Nitzschner's phpbb2.0.6 upgraded to phpBB 2.0.4 standalone was developed and tested by:
ArtificialIntel, ChatServ, mikem,
sixonetonoffun and Paul Laudanski (aka Zhen-Xjell).

Version 2.1 by Nuke Cops 2003

Forums ©


Logos/trademarks property of respective owner. Comments property of poster. Rest 2004 Itil Community for Service Management & Foundation Certification. SV
Site source copyright (c)2003, and is Free Software under the GNU / GPL licence. All Rights Are Reserved.