Helpdesk and incident reporting auditing

Last updated December 06, 2024

Help desk and incident reporting auditing is an examination of the controls within the help desk operations. The audit process collects and evaluates evidence of an organization's help desk and incident reporting practices, and operations. The audit ensures that all problems reported by users have been adequately documented and that controls exist so that only authorized staff can archive the users’ entries. It also determine if there are sufficient controls to escalate issues according to priority.

Types of help desks

The management and support of IT assets is essential for all businesses. Help desks are now fundamental and key aspects of good business service and operation. Through the help desk, problems are reported, managed and then appropriately resolved in a timely manner. Help desks can provide both internal and external users the ability to ask questions and receive effective answers. Moreover, help desks can help the organization run smoothly and improve the quality of the support it offers to the users.

Traditional - Help desks have been traditionally used as call centers. Telephone support was the main medium used until the advent of Internet. Although telephone support has worked effectively and is still being used today, it has a number of weaknesses. For example, it is frustrating for customers to be put on hold or navigate automated phone answering messages.^[1]
Internet - The advent of the Internet has provided the opportunity for potential and existing customers to communicate with suppliers directly and to review and buy their services online. Customers can email their problems without being put on hold over the phone. One of the largest advantages Internet help desks have over call centers are that it is available 24/7. This is extremely important in today's global business world where customers and staff members may be in different time zones.^[2]

Help desk auditing

Objectives

Determine if the sufficient controls have been implemented into the system. This will ensure that all problems reported by users have been adequately documented. The controls exist so that only authorized staff can archive the users’ entries. Also, customers should be notified of the timing of the corrective action.
Determine if there are sufficient controls to escalate issues according to priority. In addition, it is necessary to determine whether the trial has been completely recorded and what action has been taken by whom.
Monitor if customer requests are timely cleared. Outstanding requests should be reviewed and actions should be taken immediately.

Auditing procedure

Review and evaluate the overall process followed by the help desk. The review should focus on how the incoming problems are handled, if the problems are classified and prioritized, and if there is timely follow up to ensure efficient and complete resolution.
Observe the operation. This observation should include the promptness of answering questions, immediate logging, and adequate knowledge to resolve problems quickly.
Perform a test to determine the control environment. For example, the auditor could test whether all the users’ requests are logged into the system and whether all questions are properly documented.
Determine if management defines the help desk mission statement. Also, the auditor should evaluate whether management has established clear responsibilities for the help desk.
Evaluate the help desk service level by determining the management's methods of performing services. This can be accomplished by asking these questions:

Does management calculate how many problems are reported per month?
How many problems are resolved per month by individual help desk staff members?
Does management compare the number of problems reported per day with the number of problems resolved per day?

For the last question, tracking systems will help to identify whether the help desk has adequate staff to deal with the number of issues received at any given time. Furthermore, the problems distribution should be monitored to ensure that the staff is appropriately scheduled in to meet customer demand.

Evaluate the training of the help desk technicians. This will help determine if they are aware of the development of hardware and software, industry trends and have sufficient technical skills.
Check the security systems of the help desk. This includes such systems as physical security and password access controls.

Software

Today, there are many software choices which help management operate the help desk functions. In addition, these software products greatly improve the auditing of help desk operation. Help desk software is management software that automates many features of an organization's help desk environment, such as automated email response. It gives businesses the capability of using a systematic approach to responding to both internal and external users.

The typical functionality of help desk software includes:

Call management
Call tracking
Knowledge management
Problem resolution
Self-help capabilities

The core components of any help desk software application include the abilities to record and track support requests through all stages. In addition, reporting is also a key element to providing detailed information on how the system is running. The right choice of help desk software depends on the size of the organization and the complexity of the support process. The business needs will vary greatly during different periods of time.

Help desk software common functions

Help desk software systems range in complexity from basic ticket logging to fully integrated CRM systems.
Functionality is varied, but the essential core elements are the recording and tracking of support requests.
Reporting is important and often complemented by a third party application for user-definable reports.
Service Level management is often crucial to the help desk process as a measure of its success. This is usually an automated benefit of the help desk application.

Outsourcing

The outsourcing of the help desk function and IT operations as a whole are a growing trend. However, it is important for the management to be aware of the ultimate responsibility for the help desk. This responsibility is still retained in the organization and not in the outsourcing firms. Help desk is still substantially important even if it is outsourced. In addition, it is critical to have appropriate management structure. Outsourcing decisions always involved both risks and benefits. The risks can be mitigated through careful planning. Whether it is a right decision or not for the organization to outsource can be decided through research. It also helps in delegating responsibilities to one and each.

Summary

Help desks play a key role in modern business organizations. A well designed and maintained help desk can substantially:

Increase the efficiency of operations
Reduce costs
Gain customer satisfaction
Improve public image

Effective auditing practices can contribute to maintaining the high quality of help desks, and help desk software may further improve the efficiency of help desk auditing.

Related Research Articles

An audit is an "independent examination of financial information of any entity, whether profit oriented or not, irrespective of its size or legal form when such an examination is conducted with a view to express an opinion thereon." Auditing also attempts to ensure that the books of accounts are properly maintained by the concern as required by law. Auditors consider the propositions before them, obtain evidence, roll forward prior year working papers, and evaluate the propositions in their auditing report.

<span class="mw-page-title-main">Systems development life cycle</span> Systems engineering terms

In systems engineering, information systems and software engineering, the systems development life cycle (SDLC), also referred to as the application development life cycle, is a process for planning, creating, testing, and deploying an information system. The SDLC concept applies to a range of hardware and software configurations, as a system can be composed of hardware only, software only, or a combination of both. There are usually six stages in this cycle: requirement analysis, design, development and testing, implementation, documentation, and evaluation.

<span class="mw-page-title-main">Technical support</span> Maintenance service of electronic consumers

Technical support, commonly shortened as tech support, is a customer service provided to customers to resolve issues, commonly with consumer electronics. This is commonly provided via call centers, online chat and email. Many companies provide discussion boards for users to provide support to other users, decreasing load and cost on these companies.

A service-level agreement (SLA) is an agreement between a service provider and a customer. Particular aspects of the service – quality, availability, responsibilities – are agreed between the service provider and the service user. The most common component of an SLA is that the services should be provided to the customer as agreed upon in the contract. As an example, Internet service providers and telcos will commonly include service level agreements within the terms of their contracts with customers to define the level(s) of service being sold in plain language terms. In this case, the SLA will typically have a technical definition of mean time between failures (MTBF), mean time to repair or mean time to recovery (MTTR); identifying which party is responsible for reporting faults or paying fees; responsibility for various data rates; throughput; jitter; or similar measurable details.

Information technology service management (ITSM) are the activities performed by an organization to design, build, deliver, operate and control IT services offered to customers.

<span class="mw-page-title-main">Accounting information system</span> System of collecting, storing and processing financial and accounting data

An accounting information system (AIS) is a system of collecting, storing and processing financial and accounting data that are used by decision makers. An accounting information system is generally a computer-based method for tracking accounting activity in conjunction with information technology resources. The resulting financial reports can be used internally by management or externally by other interested parties including investors, creditors and tax authorities. Accounting information systems are designed to support all accounting functions and activities including auditing, financial accounting porting, -managerial/ management accounting and tax. The most widely adopted accounting information systems are auditing and financial reporting modules.

An information technology audit, or information systems audit, is an examination of the management controls within an Information technology (IT) infrastructure and business applications. The evaluation of evidence obtained determines if the information systems are safeguarding assets, maintaining data integrity, and operating effectively to achieve the organization's goals or objectives. These reviews may be performed in conjunction with a financial statement audit, internal audit, or other form of attestation engagement.

A mainframe audit is a comprehensive inspection of computer processes, security, and procedures,with recommendations for improvement.

Information technology controls are specific activities performed by persons or systems to ensure that computer systems operate in a way that minimises risk. They are a subset of an organisation's internal control. IT control objectives typically relate to assuring the confidentiality, integrity, and availability of data and the overall management of the IT function. IT controls are often described in two categories: IT general controls (ITGC) and IT application controls. ITGC includes controls over the hardware, system software, operational processes, access to programs and data, program development and program changes. IT application controls refer to controls to ensure the integrity of the information processed by the IT environment. Information technology controls have been given increased prominence in corporations listed in the United States by the Sarbanes-Oxley Act. The COBIT Framework is a widely used framework promulgated by the IT Governance Institute, which defines a variety of ITGC and application control objectives and recommended evaluation approaches.

An information security audit is an audit of the level of information security in an organization. It is an independent review and examination of system records, activities, and related documents. These audits are intended to improve the level of information security, avoid improper information security designs, and optimize the efficiency of the security safeguards and security processes.

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is an organization that develops guidelines for businesses to evaluate internal controls, risk management, and fraud deterrence. In 1992, COSO published the Internal Control – Integrated Framework, commonly used by businesses in the United States to design, implement, and conduct systems of internal control over financial reporting and assessing their effectiveness.

An issue tracking system is a computer software package that manages and maintains lists of issues. Issue tracking systems are generally used in collaborative settings, especially in large or distributed collaborations, but can also be employed by individuals as part of a time management or personal productivity regimen. These systems often encompass resource allocation, time accounting, priority management, and oversight workflow in addition to implementing a centralized issue registry.

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. Internal auditing might achieve this goal by providing insight and recommendations based on analyses and assessments of data and business processes. With commitment to integrity and accountability, internal auditing provides value to governing bodies and senior management as an objective source of independent advice. Professionals called internal auditors are employed by organizations to perform the internal auditing activity.

Project workforce management is the practice of combining the coordination of all logistic elements of a project through a single software application. This includes planning and tracking of schedules and mileposts, cost and revenue, resource allocation, as well as overall management of these project elements. Efficiency is improved by eliminating manual processes, like spreadsheet tracking to monitor project progress. It also allows for at-a-glance status updates and ideally integrates with existing legacy applications in order to unify ongoing projects, enterprise resource planning (ERP) and broader organizational goals. There are a lot of logistic elements in a project. Different team members are responsible for managing each element and often, the organisation may have a mechanism to manage some logistic areas as well.

Internal control, as defined by accounting and auditing, is a process for assuring of an organization's objectives in operational effectiveness and efficiency, reliable financial reporting, and compliance with laws, regulations and policies. A broad concept, internal control involves everything that controls risks to an organization.

A virtual help desk allows IT support organizations to virtually deploy IT technicians on demand to support a computer user experiencing technical issues. IT can efficiently manage and allocate global help desk resources, including – most importantly – its personnel, to access any computer to provide support despite the end user or IT rep location. Virtual help desks allow IT reps to virtually access end systems through support sessions where they can diagnose and fix computer issues quickly. This eliminates in-person customer service calls and/or ineffective phone-only tech support sessions, making the help desk more efficient. Another objective of the virtual help desk is to improve IT resource management and save organization's money by increasing IT support efficiencies. Through an enhanced ability to allocate resources, IT organizations have the flexibility to create new ways of using its technical support knowledgebase. This technology usually requires a software implementation and support contract.

By definition an audit is,

Help desk software is a computer program that enables customer-care operators to keep track of user requests and deal with other customer-care-related issues.

Data center management is the collection of tasks performed by those responsible for managing ongoing operation of a data center. This includes Business service management and planning for the future.

In IT operations, software performance management is the subset of tools and processes in IT Operations which deals with the collection, monitoring, and analysis of performance metrics. These metrics can indicate to IT staff whether a system component is up and running (available), or that the component is behaving in an abnormal way that would impact its ability to function correctly—much like how a doctor may measure pulse, respiration, and temperature to measure how the human body is "operating". This type of monitoring originated with computer network components, but has now expanded into monitoring other components such as servers and storage devices, as well as groups of components organized to deliver specific services and Business Service Management).

References

↑ Sharma, Shivangi (2018-11-27). "10 Reasons Why Traditional Help Desks Don't Make the Cut". Hiver. Retrieved 2024-10-03.
↑ "Rund-um-die-Uhr-Support ohne Rund-um-die-Uhr-Mitarbeiterbesetzung". Zendesk (in German). 2018-04-05. Retrieved 2024-10-03.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Sharma, Shivangi (2018-11-27). "10 Reasons Why Traditional Help Desks Don't Make the Cut". Hiver. Retrieved 2024-10-03.

[2] "Rund-um-die-Uhr-Support ohne Rund-um-die-Uhr-Mitarbeiterbesetzung". Zendesk (in German). 2018-04-05. Retrieved 2024-10-03.

[1]

[2]