Mar 20, 2018 CERT.Global 3063times

IT Service Management Systems (ITSMS, ISO/IEC 20000-1:2011) Auditor / Lead Auditor Training Course

(Registered Course Nr. PR321 / A17576)

Through the management system audit and certification, the organisation can demonstrate its ability on legal, legislation, standards (i.e. ISO, IEC, IEEE), contractual obligation (i.e. service level agreements), policy and procedures compliance.

Also the competence to plan, operation and continual improvements the management system to control the risks and achieve its expected outcome.


This CQI (Chartered Quality Institute) /IRCA (International Register of Certificated Auditors) certified IT Service Management Systems (ITSMS) Auditor / Lead Auditor Training Course (Registered Course Nr. PR321 / A17576) is part of International recognized CQI/IRCA ITSMS Auditor Certification programme.

The successful completion of this course is pre-requisite and essential to become a CQI/IRCA ITSMS Auditor.  

To participate this training course, the following prior knowledge were expected: 

  1. Knowledge of Management System Compliance (ISO 19600)
    • Process approach (Plan-Do-Check-Act)
    • Business overall compliance risk management (ISO 31000), includes legal, legislation, contractual obligations, standards, policies and procedures.
    • Top management leadership, other roles and responsibilities to support management system
    • Consideration of planning a management system - identify the organisational and technical measures to manage the identified risk
    • Supporting required by the management system 
    • Management system operation consideration - monitoring, reporting and communicating 
    • Performance evaluation of a management - objectives evaluation, Internal Audits and Management Review 
    • Continual improve the effectiveness of a management system
  2. Knowledge of IT services management principles and concepts, includes but not limited to:
    • the relationship between organizational objectives and the delivery of supporting IT systems and services;
    • concepts of organizational governance through financial management and risk management;
    • chief interests, priorities and experiences of end users, customers and other stakeholders;
    • principles of IT service provision;
    • the influence of organizational processes on IT system demands and the impact of changing processes;
    • typical technologies underpinning business information systems;
  3. Management system audit (ISO 19011)
    • Audit programme management 
    • Initial the audit
    • Document review
    • Preparing for on-site audit
    • Audit skills
    • Conducting on-site audit 
    • Preparation of Audit evidences and findings
    • Audit report
    • Audit follow-up 
  4. ISO/IEC 20000: Knowledge of the requirements of ISO/IEC 20000-1 (with ISO/IEC 20000-2) and the commonly used information security management terms and definitions.
  5. Understand the management system certification requirements, i.e. ISO/IEC 17021-1 Conformity assessment - Requirements for bodies providing audit and certification of management systems - Part 1: Requirements

Note. You are advised that course examination questions can relate to any requirement of ISO/IEC 20000 and the expected prior knowledge. For delegates who do not have these, we recommend attending our foundation training course. 

Who should attend?

This is intended for those who will be involved in leading audits of an ITSMS that conforms to ISO/IEC 20000 in any organization. Suggested job functions and their teams include:

  • Those wishing to implement an ITSMS in accordance with ISO/IEC 20000
  • IT professional who operate IT-based services, i.e. data center, help-desk, problem management
  • ITIL professional
  • Existing auditor who wants to expand their auditing skills
  • Consultants who wish to provide advice on ISO/IEC 20000 implementation
  • Information security managers
  • IT and corporate security managers
  • Corporate governance managers
  • Risk and compliance managers
  • Information security consultants
  • Information security managers

Learning objectives

  • Learn how to explain the purpose and business benefits of an ITSMS, of ITSMs standards, of management system audit and of third-party certification
  • Learn how to explain the role of an auditor to plan, conduct, report and follow-up an ITSMS audit in accordance with ISO 19011 (and ISO 17021) where appropriate
  • Learn how to plan, conduct, report and follow-up an audit of an ITSMS to establish conformity (or otherwise) with ISO/IEC 20000-1 (with ISO/IEC 20000-2) in accordance with ISO 19011 (and ISO 17021 where appropriate)

Course benefits

  • Your organization will have an internal resource and process to be able to conduct its own audit of its ITSMS to assess and improve conformance with ISO/IEC 20000
  • You will gain a professional qualification that certifies that you have the knowledge and skills to be able to lead a team to conduct an audit of an ITSMS in any organization
  • Successful auditing will improve the protection of any organization’s private data to meet market assurance and corporate governance needs
  • Understand how to identify gaps in an ITSMS system
  • Accurately audit will be able to provide continuous improvement to a management system
  • Meet training requirements for IRCA auditor certification 

Course outline

Day 1, management system knowledge (ISO/IEC 20000-1)

  • The benefits of ITSMS
  • Process approach, Plan-Do-Check-Act (PDCA) and ITSMS
  • ITSMS terms and definitions 
  • The management system processes:
    • Compliance risk management
    • IT service management processes
    • Leadership and resources
    • Policy, objectives, performance evaluation of a management system. 
    • Organizational and technical risk control measures
  • Documented information required by the Standard and the Organization 

Day 2, guidelines for auditing management systems (ISO 19011 and ISO 17021)

  • Purpose of audit
  • Internal audit, supplier audit and certification audit requirements
  • Audit processes
  • Auditor responsibilities 
  • Audit programme 

Day 3, simulate the process of planning, preparation for an audit

  • Planning an audit (initiate contact, contract)
  • Preparation of audit work documents includes audit trails and checklist
  • Conduct a Stage 1 audit (document review)
  • Prepare a Stage 2 (on-site) audit plan

Day 4, simulate the opening meeting, on-site audit activities, and role-play

  • Opening meeting
  • Role play for audit scenarios 
  • Practice audit skills of collecting audit evidence
  • Prepare audit findings and results, includes conformance, non-conformity (NC), and opportunity for improvement (OFI) 
  • Prepare audit report 

Day 5, simulate the closing of on-site audit - close meeting and follow-up

  • Closing meeting 
  • Audit follow-up
  • Evaluating correction, corrective action including root cause analysis and audit finding closure
  • Management system certification 
  • Course summary and examination

What's included?

  • Course material
  • IRCA auditor course examination 
  • Course certificate

Organizational information

  • Delegates should note that there are evening works during the course
  • The minimal numbers of delegates for this course is 4 and maximum is 20. If the students less than 4, the course will be postponed.
  • This course is facilitated by TKSG.Global online learning management system (LMS). The participants should have the capability to use their own PC, laptop notebook or suitable mobile devices to access the LMS.
  • This course is run in collaboration with CQI/IRCA Approved Training Partner - Hermes infotech Inc.

Additional Info

Venue (地點): Public or In-house training
Time (時間): 5 days
Daily time arrangement:
09:00 ~ 18:00
Facilitator (講師): Authorized tutor

Related items

Go to top
JSN Educare is designed by | powered by JSN Sun Framework