Call us Today +44 (0)1536 711 999

Marval logo

What you can expect when an auditor visits your offices

In the words of Corporal Jones, “Don’t panic Mr Mainwaring”.

Having been at the thick end of this cycle for more than 10 years I can honestly say that these words ring true.

In my youth I was frequently advised not to revise for an exam on the day of the exam as it would do more harm than good. The same advice works for auditing. Once you start making changes to documents or records on the eve of an audit because you think you have missed something you are then forever playing audit roulette.   

Any visit from an auditor should be preceded by them contacting you to agree an agenda for the visit, especially if the subject area is large and the quantity of processes being audited are multiple. An audit will not examine every word, document, workflow process or record in the systems being audited. They are based on selective checking and therefore you won’t be able to control the direction or interest of the auditor. In my experience they are well versed in finding the one item on a page that you hoped they would miss!    

What they will do though is work with you and start off by looking at your documentation. Is it all relevant? Often, we tend to overwrite processes and policies because we think that more content equates to more adherence. Sometimes a four page monologue can be contracted into one page of succinct process.

They will also, softly, interview relevant Management Team members and Process owners so they can gauge the levels of awareness amongst staff in the focus areas.

At this point I will offer my first `top tip`. Try and keep your defences down. It will lead to a more productive day if you accept that they have come to help you improve your functions in the long run.

If you have any weaknesses, don’t hide them. By having an impartial view and assessment they will be able to say things that you probably already know. This can lead to Management buy in and improvements to your processes.

If the audit is an official visit and based on a framework such as an ISO Standard, they may well use technical terminology, make references to clauses, subsets and annexes. This is normal and not designed to confuse.

Another helpful hint. Know your way around your document and process library. Have a clearly labelled set of files and folders. There is nothing more frustrating to an auditor than the classic `click/fail` situation and you muttering away to yourself “I’m sure it was here yesterday”.

An auditor hasn’t come to judge you per se, they are there to test the adequacy of your internal controls. It took me a while to realise that auditors aren’t blessed with a 6th sense. They can’t predict the future. A typical audit, in the ITSM world, is based on a historical 9-12-month period. They won’t go back further than that and they can’t audit what hasn’t happened yet so focus on that window.


Posted by

Richard West

Standards and Compliance Manager, Marval

Contact Us View all Articles

Similar Articles

Endless possibilities with Marval...

Whatever your aspirations might be, we have the technology, the expertise and the people to make them happen.

We know you may have some questions...

I would like to opt in to receive marketing communications from Marval via:

  • Request a

    Discover the benefits of implementing MSM software, designed to improve service quality, customer satisfaction and reduce costs

  • Download

    Your central repository of interesting and useful information on IT Service Management

  • Customer
    Case Studies

    See how organisations all over the world use Marval MSM software to address their most critical IT Service Management challenges

  • Contact

    Contact us to discuss your service improvement requirements