I'm currently putting myself through training on ISO20000 which is the international standard for IT Service Management and am learning about the audit requirements.
Reading through the types of audit and the steps that should be undertaken reminded me of something an old boss (old as in previous, not ancient) taught me when we were about to be audited for ISO9000 re-certification. It stuck in my head and so I thought I would share it with you in the hope that it helps you with your next audit.
Why do we get audited?
- Legal requirement
- To ensure best practice
- To achieve certification
- A client requirement
- To ensure that documented procedures are being followed
- Industry requirement
- Agree what the audit will cover (scope) and when it will be
- Agree who will work with the auditor within your team / organization
- Make sure they understand the scope and what needs to be ready for the auditor
- Ensure everything is ready on the first day of the audit
- Ensure everything has been recently reviewed
- Allow those involved in the audit time in their day to prepare
- Ensure the auditor knows exactly where to go on the day; you don't want a stressed auditor
- Take the auditor to a pre-booked room that is big enough for their needs
- Provide refreshments if possible
- Show them where the facilities are and advise of fire exits / fire drills etc
- Allow the auditors to run the timetable
- Only cover the items agreed in the scope
- Relax - an audit is a chance to improve the way you operate and not a criticism
- Listen to the auditors feedback at the exit meeting
- Don't comment unless something is obviously wrong or misunderstood
- Agree a date / time when you will receive the draft report
- Agree what needs to be sent to the auditors and by when
- Don't argue. Note areas of disagreement.
- Arrange a meeting to review the report with those involved and relevant senior management
- Ensure you agree with the findings or document what and why you don't
- Prepare responses and time-frames to resolve actions
- Assign each action to an owner
- Agree priorities.
- If the auditors require regular progress updates, agree with the owners when they will be provided; follow up with the owners
- Document progress
- Close issues as they are completed, but check first.
- Stick to the plan
- be confrontational
- look at the audit as a way to get things done that you have been requesting for years
- tell the auditor too much
- commit to resolve things in time-frames that are unrealistic.
- look after the auditor
- stay focussed on the scope of the audit
- provide any additional information required by the auditor
- put in place a plan to resolve issues raised
- stick to the plan
- highlight anything that will stop you achieving your actions time-frames.