An IT auditor assigned an IT service delivery and support engagement should consider performing assurance services based on major process points established in the ISO/IEC 20000 as well as COBIT frameworks. Where entity-centric ITSM is extracted from the ISO framework, an IT auditor will probably find assertion veracity or direct subject matter verification more productive if they are well versed in service delivery and support concepts. When confronted with an uninitiated entity, the risk-based IT assurance program addressing relevant ISO/IEC 20000 and COBIT areas can assist IT management through valuable process improvement recommendations that reflect generally accepted ITSM global standards.
“View Part I of the Auditing IT Service Delivery and Support series here“
Post Note: As of January 12, 2012, Robert E. Davis, MBA, CISA, CICA is a Master of Science in IT Auditing and Cyber-Security Program instructor at Temple University.