| π Back to Exam Syllabus | πΊ RooCloud on YouTube | π RooCloud Practice Exams |
IT Service Level Management
This episode of the ISACA Certified Information Systems Auditor (CISA) exam prep series covers IT service level management. It introduces the concept of delivering technology as a set of interdependent services, explains what service and operational level agreements contain and why they matter, describes the tools used to monitor performance, and addresses the critical principle that accountability for service quality cannot be outsourced.
What this episode covers
- IT as services β breaking technology into discrete, repeatable processes that deliver business value and are tightly interdependent.
- How service processes flow β a single complaint moving through incident, problem, change, and configuration management steps.
- Service level agreement content β what it covers, the gap it narrows between expectation and delivery, and the operational level agreement that supports it internally.
- What to measure β accuracy, completeness, timeliness, security, financial performance, human resources, and risk compliance.
- Performance monitoring tools β exception reports, system and application logs, operator problem reports, and operator work schedules.
- Outsourcing accountability β the principle that delivery can be contracted out but accountability always stays with the organisation.
Watch the full episode above for the worked examples and detailed explanations of each concept.
Frequently Asked Questions
What is a service level agreement and what does it achieve?
A service level agreement is a written agreement between an IT organisation and a customer that details the services to be provided in plain, non-technical terms. Its key job is to narrow the gap between what customers expect and what is actually offered, and during its life it becomes the yardstick for measuring service performance. An operational level agreement is the internal counterpart that covers the behind-the-scenes work needed to keep those customer-facing promises.
What should a service level agreement actually measure?
Good service characteristics to measure include accuracy, completeness, timeliness, and security. Beyond speed and uptime, an agreement can also track financial performance such as cost reduction, human resources measures such as staff turnover or training levels, and risk measures such as compliance with control objectives. An auditor should push for breadth in the measures to ensure that risk, security, and control sit alongside efficiency and effectiveness.
What tools help monitor service level performance?
Exception reports flag applications that failed or malfunctioned, and too many exceptions hint at deeper problems such as poor design, weak testing, or inadequate capacity. System and application logs record most abnormal events and require analysis software because they are too large to read manually. Operator problem reports capture how issues were resolved and allow management to assess whether the response was appropriate, while operator work schedules support staffing decisions to keep service flowing during heavy periods.
Who is accountable for service quality when work is outsourced?
The principle to remember is that you can outsource responsibility for delivery but you can never outsource accountability. If a third party serves your customers directly, a control failure at the vendor can damage your reputation and the risk lands on you. Management gains assurance over a vendorβs controls through questionnaires, onsite visits, or an independent assurance report from the provider, and the outsourcing arrangement itself must be governed by a contractual agreement with clear expectations on both sides.
π Master the ISACA CISA Exam!
Ready to test your knowledge? Access chapter-specific Multiple Choice Questions (MCQs) and full-length practice exams for the ISACA CISA certification at RooCloud.com. Solve the chapter-wise questions to reinforce this lesson before moving to the next episode.
Reference: This article is based on concepts discussed in IT Service Level Management.