First define the objective and scope of your audit. What is important to the business (from an IM & PM perspective) that you want to see confirmed?
E.g., if you want to verify that incidents are handled in accordance with their severity, you may want to use metrics to generate reports that will show you what percentage of severity 1 incidents were resolved within the target resolution time for that severity level, and so on. In this case you would probably also sample a bunch of incident tickets and verify if they were set to the correct severity level. Then, if you find that many tickets were misclassified (i.e. set to the wrong severity level), you would want to dig deeper and find out why this happened (maybe because of insufficient training of support staff). This would be a follow-up to your audit though; your audit is only to verify.
So again, identify what you want to verify with your audit. The audit then focuses on:
- does it exist?
- is it documented?
- is reality in accordance with what is documented?
The first two parts are usually the easier parts. Once you have those and you know your objective and scope, you can then determine how you can verify reality versus the documentation, e.g. through:
- available metrics/reports in your ticket tracking system
- evaluating sample cases against the documentation
- surveys of staff (be careful who you pick; your source needs to be reliable)
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum