Do you need a formal ISO accreditation to benefit IT audits?

The short answer is absolutely not.

The more people and business functions that use the ITSM solution, the better the Return on Investment and your, per user, on going Management costs will reduce.  

However, IT audits as a function could be seen as a means to an end. The best and most believable way to demonstrate this is to have an effective audit process in place.

The audit process should be both transparent and objective based.

When you embark on creating a process that opens up your documentation, evidence, cultural belief in ITIL and ITSM and accountability, be sure to understand your goals before you start.

There are two distinct audit approaches you should consider

The first is to have an on going `internal` audit schedule that gives you and the business the level of confidence and visibility to continue to invest vast sums of money into IT.

The second is to have an external audit schedule in place that will validate all the excellent evidence that the internal audits collate.

In our experience even large organizations who have an audit team struggle to audit the ITSM function effectively. ITSM process audits  require a level of understanding of ITIL that only trained auditors in ISO20000 or an equivalent standard can deliver.

What can you expect from working with a trained and qualified auditor?

You will get improved visibility within the business as audits are often given more profile within Top Management.

You will get more cooperation from the users of the ITSM function. No-one wants to be the person who lets the side down.     

You can create a Compliance process that extends into parts of IT who may not always feel the need to comply with the same rules that the rest of us observe.

The days of accepting that IT is `unique` and full of ` characters` who get the job done are gone.

It’s time to get serious about auditing.