Professional Documents
Culture Documents
Service-Level Controls Audit Work Program
Service-Level Controls Audit Work Program
com
Table of Contents
SERVICE-LEVEL CONTROLS AUDIT WORK PROGRAM: SAMPLE 1..................................................................3
SERVICE-LEVEL CONTROLS AUDIT WORK PROGRAM: SAMPLE 2..................................................................8
2 Source: www.knowledgeleader.com
SERVICE-LEVEL CONTROLS AUDIT WORK PROGRAM:
SAMPLE 1
Planning
Fieldwork
AUDIT OBJECTIVES
A service-level agreement (SLA) describes specific types of service levels or performance objectives that an IT
provider is committed to comply with or exceed during the time covered by the agreement. The terms of the SLA
can define such things as acceptable response times for processing individual transactions or identifying and
resolving various types of computing and telecommunication operating and effectiveness problems. It should
stipulate the penalties for the supplier’s failure to achieve one or more service or quality levels. The purpose of
this audit work program is to assess the controls specific to an SLA. In doing so, Company X will:
• Determine high-level business requirements of Service Provider X.
• Identify Service Provider X’s framework and methods to deliver on these business requirements.
• Identify key performance indicators (KPIs), controls and critical success factors used to ensure Service
Provider X’s ability to deliver on these business requirements.
Planning
3 Source: www.knowledgeleader.com
Time Project Work Step Initial Index
descriptions, etc.
− Transactions: The volume/value of various transaction types processed.
− Systems: Application modules, interfaces, tracking systems and related
management reporting.
− “Customers”: Who are the key external and internal customers for the
process?
• Review any known best practices for service-level controls and incorporate them
into the audit work and audit report, if appropriate.
Fieldwork
Interview the following individuals and document the results of the interview:
• CIO, Director Service Provider X Development, Director Service Provider X
Infrastructure, VP Purchasing, VP Controller, Director Accounting, VP Operations,
Director Regional Operations, Finance Development Manager, Senior Manager
Payroll Operations and VP Team Member Resources
4 Source: www.knowledgeleader.com
Time Project Work Step Initial Index
For a sample of past and in-process service-level agreements, confirm that the
content includes the following:
• Definition of service
• Cost of service
• Quantifiable minimum service level
• Level of support from the IT function
• Availability, reliability and capacity for growth
• Change procedures for any portion of the agreement
• Continuity planning
• Security requirements
• Written and formally approved agreement between provider and user of service
• Effective period and new period review/renewal/nonrenewal
• Content and frequency of performance reporting and payment for services
• Charges are realistic compared to history, industry and best practices
• Calculation for charges
• Service improvement commitment
• Both user and provider formal approval
Test that appropriate users are aware of and understand service-level agreement
processes and procedures.
Test the users’ level of satisfaction with the current service-level process and that the
actual agreement is sufficient.
Test that the service provides records to ascertain reasons for nonperformance and
to ensure that a performance improvement program is in place.
Test that the accuracy of actual charges matches the agreement content.
Test that reports of all problems encountered are appropriately used by management
to ensure that corrective actions are taken.
Interview the following individuals and document the results of the interview:
• Senior service provider X help desk.
• Help desk team leader.
5 Source: www.knowledgeleader.com
Time Project Work Step Initial Index
Ensure that policies and procedures for help desk activities are current and accurate.
Test that service-level commitments are being kept and that variances are explained.
Test that trend analysis and reporting achieve the following goals:
• Produce and act upon trends for improved service.
• Include specific problems, trend analyses and response times.
• Ensure delivery to a responsible individual with the authority to resolve problems.
Test that user satisfaction-level inquiries exist and are acted upon.
Final Reporting
Reporting: Draft
• Prepare a preliminary draft of the audit report using the standard format. Ensure
that an appropriate auditee reviews the draft and that any action items have been
discussed with the auditee.
Other Administrative
Compile test work and key support data into a work paper binder. Include a binder
index of key information.
Discuss job scheduling, timing, and related opportunities for improvement with the
internal audit manager, as necessary.
6 Source: www.knowledgeleader.com
Time Project Work Step Initial Index
7 Source: www.knowledgeleader.com
SERVICE-LEVEL CONTROLS AUDIT WORK PROGRAM:
SAMPLE 2
Report Issuance (Local) (Date) The draft report was sent to the chief financial officer (CFO)
(Name) and the chief information officer (CIO) (Name).
Report Issuance (Worldwide) (Date) This draft report was originally set for (Date) and was
moved back due to a rescheduled local review with the
CFO and CIO.
Determine the high-level business requirements (Initials) Achieved: Met with business unit leaders to
of a management information system (MIS). identify requirements.
Identify key performance metrics and critical (Initials) Implement potential key performance
success factors to track MIS’s ability to deliver on indicators (KPI) and common security
these business requirements. frameworks (CSF) in audit recommendations
because none of these currently exist.
8 Source: www.knowledgeleader.com
Performed Reviewed Issues
Project Work Step WP Ref. Comments
By: By: Noted:
Planning
Fieldwork
9 Source: www.knowledgeleader.com
Performed Reviewed Issues
Project Work Step WP Ref. Comments
By: By: Noted:
DS1.1 – DS1.7
10 Source: www.knowledgeleader.com
Performed Reviewed Issues
Project Work Step WP Ref. Comments
By: By: Noted:
11 Source: www.knowledgeleader.com
Performed Reviewed Issues
Project Work Step WP Ref. Comments
By: By: Noted:
12 Source: www.knowledgeleader.com
Performed Reviewed Issues
Project Work Step WP Ref. Comments
By: By: Noted:
Final Reporting
• Reporting: Draft
− Prepare a preliminary draft of the
audit report using the standard
format. Ensure that appropriate
auditee reviews are drafted and
that any action items have been
discussed with the auditee.
13 Source: www.knowledgeleader.com
Performed Reviewed Issues
Project Work Step WP Ref. Comments
By: By: Noted:
Other Administrative
• Follow up on client/satisfaction
surveys (if utilized).
14 Source: www.knowledgeleader.com