An IT Audit Checklist often uncovers specific deficiencies that cause major problems for a business. With the constantly changing IT technology, your business could be at risk for a variety of reasons. Plus, there is the reality that hackers and cyber-security threats are also constantly evolving. When you follow through with an IT Audit. IT audit checklist is a sheet of paper or electronic list (a Microsoft Excel spreadsheet or a screen or set of screens in a specialized software. Checklists for getting service management right. Problem Tracking and Audit Trail - provide for adequate audit trail facilities which allow tracing from incident to underlying cause (e.g. Package release or urgent change implementation) and back. It should closely interwork with change management, availability management and configuration management. ITIL Process: ITIL Service Transition - Configuration Management. Checklist Category: ITIL Templates - Configuration Management. Source: Checklist 'CMDB Audit Report' from the ITIL Process Map V2. The following information is recorded within the CMDB Audit Report: Date and time of the audit. ITIL / ISO 20000 document template: Annual Internal Audit Program. The purpose of this document is to define how often the internal audits will be conducted, and by which rules. The document is optimized for small and medium-sized organizations – we believe that.
ITIL Process: ITIL Service Transition - Configuration Management
Checklist Category: ITIL Templates - Configuration Management
Source: Checklist 'CMDB Audit Report' from the ITIL Process Map V2
The following information is recorded within the CMDB Audit Report:
- Date and time of the audit
- Person in charge
- Audited area of the CMDB (types of CIs, which were audited)
- Audited area of business (organizational areas or departments, in which the audit was carried out)
- Method of audit (i.e. based on automated tools, manual audit)
- Results of the audit
- Revealed differences between CMDB and actual CIs installed
- Effects of the deviations
- Corrections carried out to the CMDB
- Improvement potentials
- Reasons for the revealed differences between CMDB and actual CIs installed
- Measures for the future avoidance of the differences
- Description
- Person in charge
By: Stefan Kempter , IT Process Maps.
Objective:ITIL Process Evaluation aims to evaluate processes on a regular basis. This includes identifying areas where the targeted process metrics are not reached, and holding regular benchmarkings, audits, maturity assessments and reviews.
Part of: Continual Service Improvement
Process Owner: Process Architect
Process Description
A key change between ITIL V2 and ITIL V3 has been a new focus on continually improving services and processes. Service and process Evaluations are an essential element of 'Continual Service Improvement (CSI)'.
To reflect the new structure of Service Strategy processes in ITIL 2011 the interfaces of the process have been adapted. The process overview of ITIL Process Evaluation (.JPG) shows the key information flows (see fig. 1).
ITIL 4 describes the process evaluation key activities in the general management practice of 'Continual improvement'.
Sub-Processes
These are the ITIL Process Evaluation sub-processes and their process objectives:
Process Management Support
- Process Objective: To support all parties involved in managing and improving processes, in particular the Process Owners. This process will also coordinate all modifications to processes and update the Process Architecture, thereby making sure that all processes cooperate in a seamless way.
Process Benchmarking
- Process Objective: To evaluate processes in relation to comparable organizations, with the aim of identifying shortcomings and developing plans for improvement.
Process Maturity Assessment
- Process Objective: To evaluate processes in relation to best practice, with the aim of identifying shortcomings and developing plans for improvement (see Process Evaluation Report).
Process Audit
- Process Objective: To perform process audits in order to certify compliance of the processes with certain standards or regulatory requirements.
Process Control and Review
- Process Objective: To submit processes to regular reviews, and to identify process weaknesses which should be addressed by process improvement initiatives.
Definitions
The following ITIL terms and acronyms (information objects) are used in ITIL Process Evaluation to represent process outputs and inputs:
Change Request to Process Architecture
- A request to change or extend the Process Architecture, usually issued from the Service Design process when the introduction or modification of a service is not possible within the constraints of the existing process framework.
KPI Target Value
- The to-be value of a Key Performance Indicator (KPI). It is the responsibility of the Process Owners to manage and optimize processes so that KPI targets are achieved.
Process Architecture
- An overview of all processes and process interfaces, used as a tool to make sure that all processes within an organization cooperate in a seamless way. The Process Architecture is part the Enterprise Architecture.
Process Assessment Guideline
- A guideline describing the four most-often used approaches to evaluate the underlying service management processes: Process Maturity Assessments, Benchmarks, Audits and Process Reviews.
Process Design
- The description of a process including its inputs and outputs, activities, and responsibilities. Process Designs are under the control of Process Management.
Process Evaluation Program
- The purpose of the Process Evaluation Program is to make sure all relevant processes and areas of the organization are subject to regular Process Maturity Assessments, Benchmarks, Audits and/ or Process Reviews, as appropriate.
- Note: The concept of a 'Process Evaluation Program' has been added in ITIL 2011.
Process Evaluation Report
- The results from a Process Maturity Assessment, Benchmarking, Audit, or Process Review, including identified shortcomings and areas which must be addressed by improvement initiatives.
Process Metric (KPI)
- Process Metrics (Key Performance Indicators – KPIs) define what is to be measured and reported to help manage a process.
Seven-Step Improvement Guideline
- The Seven-Step Improvement approach (7-Step Improvement) is presented in the ITIL books as the Seven-Step Improvement Process. Rather than a process it is in fact the description of a methodology which can be universally applied to identify shortcomings in services and processes and to implement improvements.
Suggested Process Improvement
- Suggestion for improving Service Management processes, handed over to the Continual Service Improvement process. Suggestions for process improvements may originate from anywhere within the IT organization.
KPIs
Roles | Responsibilities
Process Architect - Process Owner
- The Process Architect is responsible for maintaining the Process Architecture (part of the Enterprise Architecture), coordinating all changes to processes and making sure that all processes cooperate in a seamless way.
- This role often also supports all parties involved in managing and improving processes, in particular the Process Owners. Some organizations combine this role with the Enterprise Architect role.
Process Owner
- A role responsible for ensuring that a process is fit for purpose. The Process Owner’s responsibilities include sponsorship, design, and continual improvement of the process and its metrics.
- In larger organizations there might be separate Process Owner and Process Manager roles, where the Process Manager has responsibility for the operational management of a process.
ITIL Role / Sub-Process | Process Architect | Process Owner |
---|---|---|
Process Management Support | A[1]R[2] | R |
Process Benchmarking | AR[3] | - |
Process Maturity Assessment | AR[3] | - |
Process Audit | AR[3] | - |
Process Control and Review | AR | R[4] |
Remarks:
[1] A: Accountable according to the RACI Model: Those who are ultimately accountable for the correct and thorough completion of the ITIL Process Evaluation process.
[2] R: Responsible according to the RACI Model: Those who do the work to achieve a task within Process Evaluation.
[3] possibly supported by an external auditor
[4] in cooperation
Notes
Itil Compliance Checklist
By: Stefan Kempter , IT Process Maps.
Itil Audit Checklist Pdf
Process Description ›Sub-Processes ›Definitions ›Roles