Audits are never “fun”. But there are ways to make an audit go pleasant. For all involved. You and the auditor. This blog offers 20 tips you may want to consider for your next ISO/IEC 20000 audit. Or frankly, for any audit mostly.
Prior To The ISO/IEC 20000 Audit…
1. Conduct an ISO/IEC 20000 Mock Audit
A mock audit, or dry run, is a setting during which someone qualified acts as the certification auditor. And pretends to walk the auditee through an actual audit. Complete with a mock audit report. Particularly, your first-timers will appreciate this setting.
2. Know Your Auditor
Ask for the auditor’s resume. And learn about his/her background. Obviously, everyone has a “comfort zone”. Most likely, your auditor will have more questions about his/her known territory. For example, has the auditor been in software development. You can expect more questions for release management. As well as service design and transition.
Schedule an introductory call with your auditor. And listen carefully. What is the auditor looking for mostly. Continual improvements? Planning of your management system? Management reviews? Process performance? Service quality? And so on.
3. Know Your Weaknesses
We cannot be excellent in everything. Some of us present easily. Others do not. And, not everyone has executive presence. Or you may be new to a process or a service. Maybe you just started working for the organization. Make up for this. And invite your peers to the audit interview. Auditors understand this. Even more when you make the auditor aware of your situation. It is OK to be vulnerable.
4. Always Be Ready For An ISO/IEC 20000 Audit
A good mindset to have is to always be ready for an audit. The weeks and days leading up to your upcoming audit should not feel like an annual sprint to get ready. When following the processes and procedures as they are documented, your audit readiness is close to effortless. How hard can it be to do your job as intended. And if it is, look for implementing opportunities for improvement.
5. Keep Documents And Records In One Place
If you have a document management system. Use it to store all your documents. If you have automated solutions, use those to store your records. Avoid creating your personal storage places. Such as your inbox of your emails. Or your personal folders. And if you feel that you have no choice than to go this personal route, use it as an opportunity for improvement. Auditors appreciate your creativity. And your search for efficiencies.
6. Know Your ISO/IEC 20000 Audit Requirements And Evidence
Make sure you know the requirements the auditor expects you to meet. Participate in an ISO/IEC 20000 Foundation certification course. Join awareness sessions at work. Follow the guidance from your peers when changes are communicated you need to know of. And read and familiarize yourself with the documents that apply to you.
Create a list of those requirements you are supposed to meet. And list for each requirement the document and the record that serves as evidence. Hotlink to these documents and records. And use it as a cheat-sheet during the audit. Auditors do not mind.
7. Launch The Applications Prior To The Interview
Speaking of preparing for an audit, make sure to launch every application that has records that you want to show. Even more when you are not using your own computer during the audit. The security settings of the device in the meeting room may be different than on your computer.
Create a list of those records that you want to show during the audit. Records that are rich in quality information. That show the process is adhered to.
8. Know Your Metrics And KPIs
Auditors are keen on learning how your process or service support the service management objectives. Be familiar with these objectives. And show how you contribute to meeting them.
This implies that your process has metrics and key performance indicators (KPIs). Each with a target number. And your services have service levels and service levels targets. Show these numbers. With the help of reports. Reports that are being reviewed frequently. And acted on when the numbers are not what they should be.
And when the numbers are not pretty, explain why. Explain what is being done about it. Which is more important, actually. Auditors understand that targets may be a challenge at times.
9. How Do You Know That Your Process Or Service Is Effective?
Effectiveness of the service management system (SMS) is what matters most. Make sure you measure effectiveness. Of your process if you are the process owner. And of your service if you are the service owner. Act upon effectiveness issues with priority. And document those actions. Through the continual improvement process.
10. Ensure That Your Boss Is Also Present
During audits, it is important that leadership shows its commitment. Being present during an audit interview is one way of doing so. And defer to your boss when management decisions were made. Decisions that may have caused your process or service performing not the way as was intended. Having their backing in front of the auditor is what auditors want to see. It is completely in line with the spirit of top management responsibilities of the ISO/IEC 20000 standard.
During The ISO/IEC 20000 Audit…
11. Mentally Prepare For Surprises
Even the best preparation may come with surprises during the audit interview. An unexpected question from the auditor. A system that is acting up all of a sudden. A coworker who chimed in and derailed your thought process. Or a disagreement over a finding or an opportunity for improvement. It happens. And when it does, seek the help of your peers or leadership. You are never alone in this. ISO/IEC 20000 is a team effort. Auditors understand this.
12. Lead The Conversation
Always prepare your story. Develop a set of slides that you present. A 90-minute interview may turn into a 45-minute interview. Where your presentation consumed the first 45 minutes. Which usually go pleasant, because you are well-prepared. And auditors are eager to listen to what you have to share.
By taking the lead, you also have the opportunity to show what you want the auditors to see. It is your moment to shine.
13. Ease The Mind Of The Auditor
By showing off during the first part of the interview during which you took the lead, the auditor usually feels at ease. All because of you being well-prepared and of your performance. You know most of what the auditor is looking for. By showing this proactively, the auditor will have fewer questions. Often resulting in interviews that do not consume the allotted time.
14. Educate The ISO/IEC 20000 Auditor
Particularly, the auditor who audits you for the first time, does not know your organization. Your business processes. The organizational structure. Your successes and achievements. Or the titles, acronyms, and other language that is specific to your organization. Build in time during your interview to educate the auditor. The better he or she understands you and your organization, the more of value to you the auditor can be.
15. Portray Ownership Of Your Process Or Service
Own it! If you are the process owner or the service owner, account for the quality of your process or your services. Never blame anyone else when struggling with meeting quality targets. Even when you depend hugely on someone else. Show with the help of examples that you have done everything within your means to have a high-performing process or service.
Compliment those who contribute to the success of your process or service. Even more when these peers are present during the audit. This is the nicest “thank you” that you can give them when the spotlight is on you.
16. Be Passionate And Show Confidence
Express how excited you are owning the process or the service. How you have immersed yourself in the requirements of the ISO/IEC 20000-1 standard. And how you have educated yourself and those you work with through formal ISO/IEC 20000 certification training and awareness sessions.
Convey with confidence your eagerness to learn more about the users of your process or the consumers of your service. And how you continuously improve your process or service to ensure its relevancy and contribution to results and outcomes of your organization.
17. There Is Always Room For Improvement
No process or service will ever be perfect. Auditor understand this. And they are expecting it not to be. So missing out on a target every now and then is normal. What the auditor is most interested in is to notice that you took action. And that through continuous improvements you consistently seek ways to have your process or service perform even better.
Even when the auditor finds a nonconformity during the audit. No need to panic. You may have misinterpreted the standard. Or something ended up in a blind spot. Or the necessary backing from leadership that was absent is now exposed. It happens. Simply accept the finding. And collectively with your peers determine and execute on improvements. A nonconformity from an auditor is nothing more than the auditor trying to help you.
18. Answer The Question Only
Practice your communications skills during the audit. Listen very carefully to the question asked by the auditor. And only answer what is asked. This is not the time for you to ramble on. Or digress. It may portray uncertainty. And you may give away information the auditor may use later on. Something you may not like to talk about any further. Auditors are good communicators. They hear everything that you are saying.
19. You Can Also Ask Questions
When you are not certain what the auditor is asking you, ask for a clarification. Or ask, which requirement is he or she asking about.
The auditor may use words that are uncommon to you or to your organization. Never shy away from asking for an explanation of the question asked. The better you understand the question, the better you can answer it.
Verify that the answer that you have provided is sufficient. Or if the auditor has any additional questions about the topic at hand before you move on. This also shows that you are confident.
After The ISO/IEC 20000 Audit…
20. Timely Follow Up On Corrective Action Plans And Findings
When the auditor has determined a nonconformity or an opportunity for improvement of your process or service, follow up in a timely manner. You are given a certain amount of time to provide a corrective action plan. Provide the plan before the due date. And execute the plan according to the target dates as promised in the plan. It shows that you care. And it is a form of respect to the efforts made by the auditor to assist you in your journey of continuous improvements.
Conclusion
An ISO/IEC 20000 audit, or any ISO audit for that matter, can be a pleasant experience. Prepare well. Perform well. And timely do your follow-ups, if any. The same applies to the auditee and to the auditor. And with pleasant I mean, a worth-your-while experience. In other words, you came out better in the end. You learned something to advance your process or your service, for example.
An audit is not a gotcha exercise. Also the auditor wants you to pass for the audit. Or even better, add value to your continuous improvement efforts. With that in mind, do your share. And proudly own, manage, and represent your process or service. It will show. And make things pleasant.
Next Steps
- Learn from an earlier blog about an introduction to the ISO/IEC 20000-1:2018 standard
- Purchase a copy of the ISO/IEC 20000-1:2018 standard
- Participate in an ISO/IEC 20000 Foundation certification training course
- Become a certified ISO/IEC 20000 Auditor
- Work with your personal ISO/IEC 20000 Coach
- Become a certified ISO/IEC 20000 Service Owner
- Become a certified ISO/IEC 20000 Process Owner
- Let’s talk and contact me for more information