IT-SM ISO/IEC 20000-1:2018 Lead Auditor (Information Technology - Service Management) Training Course

(Registered Course ID:2328)

Through the management system audit and certification, the organization can demonstrate its ability on legal (i.e. EU GDPR, DPA, IPRs), legislationstandards (i.e. ISO, IEC, IEEE), contractual obligation (i.e. Trade Secret, IP), policy and procedures compliance.

Also, the competence to plan, operation, and continual improvements in the management system to control the risks and achieve its expected outcome.


This CQI (Chartered Quality Institute) /IRCA (International Register of Certificated Auditors) certified IT Service Management Systems (IT-SM) Lead Auditor Training Course (Registered ID: 2328) is part of an International recognized CQI/IRCA IT-SM Auditor Certification programme.

The successful completion of this course is prerequisite and essential to becoming a CQI/IRCA IT-SM Auditor.  

To participate in this training course, the following prior knowledge were expected: 

a) Management systems

  • The core elements of a management system and the interrelationship between context of the organization, management commitment, policy, planning, operation, performance evaluation and continual improvement.

b) Service management

  • principles and concepts of service management
  • the requirements of ISO/IEC 20000-1
  • the relationship between organisational objectives and the delivery of services
  • concepts of organisational governance through financial management and risk management
  • typical issues and interested parties relevant to an SMS and services, and their typical requirements
  • the influence of organisational processes on service demands and the impact of changing those processes
  • variety of technologies used to deliver services

Note. You are advised that course examination questions can relate to any requirement of ISO/IEC 20000-1 and the expected prior knowledge. For delegates who do not have these, we recommend attending our foundation training course. 

Who should attend?

This is intended for those who will be involved in leading audits of an IT-SM that conforms to ISO/IEC 20000-1 in any organization. Suggested job functions and their teams include:

  • Those wishing to implement an IT-SM in accordance with ISO/IEC 20000-1
  • IT professional who operate IT-based services, i.e. data center, help-desk, problem management
  • ITIL professional
  • The existing auditor who wants to expand their auditing skills
  • Consultants who wish to provide advice on ISO/IEC 20000-1 implementation
  • Information security managers
  • IT and corporate security managers
  • Corporate governance managers
  • Risk and compliance managers
  • Information security consultants
  • Information security managers

Learning objectives

  • Learn how to explain the purpose and business benefits of an IT-SM, of IT-SM standards, of management system audit and of third-party certification
  • Learn how to explain the role of an auditor to plan, conduct, report and follow-up an IT-SM audit in accordance with ISO 19011 (and ISO 17021) where appropriate
  • Learn how to plan, conduct, report and follow-up an audit of an IT-SM to establish conformity (or otherwise) with ISO/IEC 20000-1 (with ISO/IEC 20000-2) in accordance with ISO 19011 (and ISO 17021 where appropriate)

Course benefits

  • Your organization will have an internal resource and process to be able to conduct its own audit of its IT-SM to assess and improve conformance with ISO/IEC 20000-1
  • You will gain a professional qualification that certifies that you have the knowledge and skills to be able to lead a team to conduct an audit of an IT-SM in any organization
  • Successful auditing will improve the protection of any organization’s private data to meet market assurance and corporate governance needs
  • Understand how to identify gaps in an IT-SM system
  • Accurately audit will be able to provide continuous improvement to a management system
  • Meet training requirements for IRCA auditor certification 

Course outline

Day 1, Management systems (ISO/IEC 20000-1)

  • Management system structure (MSS) and process approach (PDCA)
  • Understand the organization's compliance risk
    • Understanding of organization, interested parties, and their requirements 
    • Management system scoping 
  • Leadership and commitment
    • Top management leadership, management system policy and objectives 
    • Support the management system and a documented management system
  • Compliance risk and opportunities management 
  • Management system operation
    • Service portfolio management
    • Relationship and agreement management

Day 2, Management systems (ISO/IEC 20000-1) and Management systems audit (ISO 19011 and ISO 17021) 

  • Management system operation (continue) 
    • Supply and demand management
    • Service design, build and transition management
    • Resolution and fulfillment management
    • Service assurance management
  • Management system performance evaluation and improvement processes
  • Auditor's role, responsibility, and competence
  • Different types of audit and certification process

Day 3, Guidelines for auditing management systems (ISO 19011) - Audit simulate the process of planning, preparation for an audit

  • Roles and responsibilities in an audit 
  • Management system performance evaluation and continual improvement requirements 
  • Different types of audit
  • Audit programme and purpose
  • Planning an audit (initiate the audit, feasibility analysis)
  • Conduct a Stage 1 audit (document review)
  • Preparation for Stage 2 (on-site) audit - audit plan
  • Preparation of audit work documents includes checklist and audit trails 

Day 4, Guidelines for auditing management systems (ISO 19011) - Audit simulate the opening meeting, on-site audit activities, and role-play

  • Opening meeting
  • Roleplay for audit scenarios 
  • Practice audit skills of collecting audit evidence
  • Prepare audit findings and results, includes conformance, non-conformity (NC), and opportunity for improvement (OFI) 
  • Prepare audit report 

Day 5, Guidelines for auditing management systems (ISO 19011) - Audit simulate the closing of on-site audit - close meeting and follow-up

  • Audit conclusion 
  • Close meeting 
  • Audit follow-up
  • Evaluating correction, the corrective action including root cause analysis and audit finding closure
  • Management system certification 
  • Course summary and examination 

What's included?

Organizational information

Please contact us for more information or support 

Last modified: Wednesday, 16 November 2022, 5:41 AM