Professional Documents
Culture Documents
Service-Level Controls Audit Work Program
Service-Level Controls Audit Work Program
Service-Level Controls Audit Work Program
com
Table of Contents
EXECUTIVE SUMMARY............................................................................................................................................................... 3
SERVICE-LEVEL CONTROLS AUDIT WORK PROGRAM: SAMPLE 1......................................................................................4
SERVICE-LEVEL CONTROLS AUDIT WORK PROGRAM: SAMPLE 2......................................................................................9
2 Source: www.knowledgeleader.com
EXECUTIVE SUMMARY
A service-level agreement, or SLA, can be described as a specific service level or performance objective that an
IT provider is committed to comply with or exceed during the time covered by the agreement. Organizations use
the terms of an SLA to define such things as acceptable response times for processing individual transactions or
identifying and resolving various types of computing and telecommunication operating and effectiveness
problems. Additionally, an SLA should stipulate the penalties for the supplier’s failure to achieve one or more
service or quality levels.
Assessing these controls will not only allow your organization to establish high-level business requirements, but
also identify a framework and methods to deliver on your business requirements and identify key performance
metrics and success factors to track delivery of your business requirements.
This KnowledgeLeader tool includes two sample work programs to assist you with auditing the controls related to
an SLA. Both samples include the project work steps for the planning, fieldwork, final reporting and other
administrative phases of the SLC audit process. Sample 2 also includes a list of steps for auditing disclosure
statements 1.1-1.7.
Objectives include conducting a planning meeting to discuss the audit scope, approach and timing; determining
the appropriate audit contacts; obtaining and reviewing the policy and procedures for service-level activities;
establishing a schedule for status meetings and open-communication protocols; obtaining SLA IT policies and
procedures; determining whether appropriate users are aware of and understand service-level agreement
processes and procedures; and compiling test work and key support data into a work paper binder.
This document should be used as a general guide to understand and review this business process. Organizations
should customize this tool to ensure that it reflects their business operations and continuously monitor the
process to ensure that the steps described are accurate.
3 Source: www.knowledgeleader.com
SERVICE-LEVEL CONTROLS AUDIT WORK PROGRAM:
SAMPLE 1
Planning
Fieldwork
AUDIT OBJECTIVES
The purpose of this audit work program is to assess the controls specific to an SLA. In doing so, Company X will:
• Determine high-level business requirements of Service Provider X.
• Identify Service Provider X’s framework and methods to deliver on these business requirements.
• Identify key performance indicators (KPIs), controls and critical success factors used to ensure Service
Provider X’s ability to deliver on these business requirements.
Planning
4 Source: www.knowledgeleader.com
Time Project Work Step Initial Index
− “Customers”: Who are the key external and internal customers for the
process?
• Review any known best practices for service-level controls and incorporate them
into the audit work and audit report, if appropriate.
Fieldwork
Interview the following individuals and document the results of the interview:
• CIO, Director Service Provider X Development, Director Service Provider X
Infrastructure, VP Purchasing, VP Controller, Director Accounting, VP Operations,
Director Regional Operations, Finance Development Manager, Senior Manager
Payroll Operations and VP Team Member Resources
For a sample of past and in-process service-level agreements, confirm that the
content includes the following:
5 Source: www.knowledgeleader.com
Time Project Work Step Initial Index
• Definition of service
• Cost of service
• Quantifiable minimum service level
• Level of support from the IT function
• Availability, reliability and capacity for growth
• Change procedures for any portion of the agreement
• Continuity planning
• Security requirements
• Written and formally approved agreement between provider and user of service
• Effective period and new period review/renewal/nonrenewal
• Content and frequency of performance reporting and payment for services
• Charges are realistic compared to history, industry and best practices
• Calculation for charges
• Service improvement commitment
• Both user and provider formal approval
Test that appropriate users are aware of and understand service-level agreement
processes and procedures.
Test the users’ level of satisfaction with the current service-level process and that the
actual agreement is sufficient.
Test that the service provides records to ascertain reasons for nonperformance and
to ensure that a performance improvement program is in place.
Test that the accuracy of actual charges matches the agreement content.
Test that reports of all problems encountered are appropriately used by management
to ensure that corrective actions are taken.
Interview the following individuals and document the results of the interview:
• Senior service provider X help desk.
• Help desk team leader.
6 Source: www.knowledgeleader.com
Time Project Work Step Initial Index
Ensure that policies and procedures for help desk activities are current and accurate.
Test that service-level commitments are being kept and that variances are explained.
Test that trend analysis and reporting achieve the following goals:
• Produce and act upon trends for improved service.
• Include specific problems, trend analyses and response times.
• Ensure delivery to a responsible individual with the authority to resolve problems.
Test that user satisfaction-level inquiries exist and are acted upon.
Final Reporting
Reporting: Draft
• Prepare a preliminary draft of the audit report using the standard format. Ensure
that an appropriate auditee reviews the draft and that any action items have been
discussed with the auditee.
Other Administrative
Compile test work and key support data into a work paper binder. Include a binder
index of key information.
Discuss job scheduling, timing, and related opportunities for improvement with the
internal audit manager, as necessary.
7 Source: www.knowledgeleader.com
Time Project Work Step Initial Index
8 Source: www.knowledgeleader.com
SERVICE-LEVEL CONTROLS AUDIT WORK PROGRAM:
SAMPLE 2
Report Issuance (Local) (Date) The draft report was sent to the chief financial officer (CFO)
(Name) and the chief information officer (CIO) (Name).
Report Issuance (Worldwide) (Date) This draft report was originally set for (Date) and was
moved back due to a rescheduled local review with the
CFO and CIO.
Determine the high-level business requirements (Initials) Achieved: Met with business unit leaders to
of a management information system (MIS). identify requirements.
Identify key performance metrics and critical (Initials) Implement potential key performance
success factors to track MIS’s ability to deliver on indicators (KPI) and common security
these business requirements. frameworks (CSF) in audit recommendations
because none of these currently exist.
9 Source: www.knowledgeleader.com
Performed Reviewed Issues
Project Work Step WP Ref. Comments
By: By: Noted:
Planning
Fieldwork
10 Source: www.knowledgeleader.com
Performed Reviewed Issues
Project Work Step WP Ref. Comments
By: By: Noted:
DS1.1 – DS1.7
11 Source: www.knowledgeleader.com
Performed Reviewed Issues
Project Work Step WP Ref. Comments
By: By: Noted:
12 Source: www.knowledgeleader.com
Performed Reviewed Issues
Project Work Step WP Ref. Comments
By: By: Noted:
13 Source: www.knowledgeleader.com
Performed Reviewed Issues
Project Work Step WP Ref. Comments
By: By: Noted:
support
− IT charter, mission, organization
chart, and policies and procedures
related to help desk activities
− Reports related to user queries,
resolution of queries and help
desk performance statistics
− Any performance standards for
help desk activities
− Service-level agreements between
IT functions and various users
− Personnel files outlining
experiential and professional
credentials of the help desk staff
Final Reporting
• Reporting: Draft
− Prepare a preliminary draft of the
audit report using the standard
format. Ensure that appropriate
auditee reviews are drafted and
14 Source: www.knowledgeleader.com
Performed Reviewed Issues
Project Work Step WP Ref. Comments
By: By: Noted:
Other Administrative
• Follow up on client/satisfaction
surveys (if utilized).
15 Source: www.knowledgeleader.com