ISO 20000 Lead Auditor

 

Introduction

This five-day intensive course enables participants to develop the expertise needed to audit an Information Technology Service Management System (ISO 20000) and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques. During this interactive training, the participant will acquire the skills and knowledge needed to proficiently plan and perform audits compliant with the certification process of standard 20000:2005. Based on practical exercises, the participant will develop the abilities (mastering audit techniques) and skills (managing audit teams and audit program, communicating with customers, conflict resolution, etc.) necessary to the efficient conducting of an audit.
The training is based on management system audit guidelines (ISO 19011:2002) as well as international audit best practices: the International Federation of Accountants (IFAC), the American Institute of Certified Public Accountants (AICPA), the Information Systems Audit and Control Association (ISACA) and the Institute of Internal Auditor (IIA). A comprehensive audit kit developed by seasoned auditors will be distributed to participants.

Learning objectives:

  • Understanding the application of the information technology service management system in the ISO 20000:2005 context.
  • Understanding the relationship between the information technology service management system, including the management processes and requirements, and the various stakeholders.
  • Understanding audit principles, procedures and techniques, and being able to apply them in an ISO 20000 audit framework.
  • Understanding the legal, statutory, regulatory or contract obligations relevant during an ITSMS audit.
  • Acquiring the personal skills required to perform an audit in an effective and cost-effective manner, and managing an audit team.
  • Preparing and completing an audit report

Who should participate?

  • People wanting to lead ISO 20000 certification audits as the responsible of an audit team
  • Consultants wanting to prepare and support a company in an audit certification
  • ITIL consultants who want to widen their knowledge
  • Internal advisors to a company or internal auditors wanting to prepare and support his company in a certification audit
  • IT Service management staff
  • Expert advisors in information technology

Course details:

Day 1: Introduction to the management of an Information technology service management system based on ISO 20000

  • Course objectives and structure
  • Normative and regulatory framework
  • ISO 20000 certification process
  • Fundamental principles in Information Technology Service Management
  • Information technology service management system (ITSMS)
  • Introduction to clauses 3 to 10 (ISO 20000)

Day 2: Launching an ISO 20000 audit

  • Fundamental concepts and principles in audit
  • Ethics and professional rules of conduct in audit
  • Audit approach based on evidence and on risk
  • Preparation of an ISO 20000 certification audit
  • Documentation audit
  • Preparing the audit plan
  • Conducting an opening meeting

Day 3: Conducting an ISO 20000 audit

  • Communication during the audit
  • Audit procedures (observation, interview, sampling techniques)
  • Drafting audit findings and nonconformity reports

Day 4: Closing an ISO 20000 audit

  • Audit documentation
  • Review of audit notes
  • Closing an ISO 20000 audit
  • Managing an audit
  • Competence and evaluation of auditors
  • Completion of training

Day 5: Examination

  • Examination

Prerequisites:

  • ITIL Foundations training or a basic knowledge of ISO 20000 is recommended, but not mandatory

Examination and certification: RABQSAIRCA

  • The ITSMS exam – ISO 20000 Lead Auditor is certified by RABQSA (demand pending) and meets the ‘RABQSA Training Provider Examination Certification Scheme’ (TPECS) criteria and covers the competency unit:
    • RABQSA – IS (information security)
    • RABQSA – AU (Audit Techniques)
    • RABQSA – TL (Techniques for Lead Auditor)
  • Duration of the exam: 3 hours
  • A certificate will be issued to participants who successfully complete the exam
  • After the training, the participant can apply for the title of ISO 20000 provisional auditor, ISO 20000 auditor, ISO 20000 principal auditor or ISO 20000 lead auditor depending on their experience
  • The certificate for the successful completion of the RABQSA exam is recognized by IRCA and meets the IRCA/2016 certification criteria. A participant can register as IRCA or RABQSA auditor

General information:

  • A copy of the ISO 20000-1 standard is distributed to participants
  • A 35 CPE (continuing professional education) participation certificate will be issued to participants
  • An audit toolkit as well as a student manual containing over 400 pages of information and practical examples will be distributed to participants

Comments on this entry are closed.