Call Center Review

Project #2000-04
Page 1 of 5
Audit Program

Given the audit supervisor's approval, steps may be added or deleted from the program after the
completion of the audit preparation steps.

SUPERVISOR SIGNATURE:

Audit Objectives:
1. Determine if the call center has a process for establishing and measuring goals and objectives.
2. Evaluate call center reports provided to management.
3. Evaluate the planning and management processes used in call center operations.
4. Note any efficiency and effectiveness issues that are encountered during the review.

Obj. Step Done By WP Ref.

Audit Preparation
1) Determine if any previous deficiencies were noted by management
prior to the audit and if they have been resolved.
2) Gain an understanding of call center management in general.
3) Review any documented procedures or written procedures related to
the call center operations.
4) Review copies of all forms used in call center processes.
5) Review job descriptions of all individuals involved in the process.
Indicate any areas of possible duplication of effort, of duties listed
which are inconsistent with procedures told to auditor, of
insufficient segregation of duties, etc.
6) Document, with narrative or flowchart, procedures performed in the
call center.

Management Objectives Done By WP Ref.

(1)(3) 1) Discuss the establishment and measurement of goals and objectives
with the call center manager. Determine if the process includes the
establishment of objectives, measurement of results, analysis of
information collected, and revision of objectives if necessary.
(1) 2) Obtain recent call center reports that were provided to management.
Evaluate the reliability, relevance, completeness and timeliness of
the reports.
(1) (3) 3) Evaluate the process for determining service level.
(3) 4) Evaluate the method of forecasting call load.
(3) 5) Evaluate the method of calculating base staff requirements.
(3) 6) Evaluate the calculation to account for staff shrinkage due to breaks,
lunch, other duties, etc.
 Call Center Review
Project #2000-04
Page 2 of 5
Audit Program

Obj. Step Done By WP Ref.

(3) 7) Gain an understanding of how schedules are created and determine
any efficiency/effectiveness issues relating to the process.
(3) 8) Determine if costs for the current service level have been calculated
and compared to costs of higher and lower levels of service.
(1,2) 9) Determine the level of training offered to call center employees.
(2) 10) Gain an understanding of the capabilities of the Automated Call
Distribution (ACD) system. Evaluate ERS's use of ACD capabilities.
(2) 11) Determine if an acceptable level of abandoned calls has been
established. If so, determine how abandoned call rates are monitored
and what actions are taken if abandoned calls are too high.

Monitoring Systems Done By WP Ref.

(1,2) 1) What feedback or reports and skill assessment capabilities are
utilized?
(1, 2, 3 2) How is data collected for performance and are there common
4) standards of performance? Are any standards benchmarked and
reported to management? Does management know what service
levels are not being met?
( 2) 3) Is any historical data used (i.e., number of calls per month, time of
year, types of calls, minutes allocated per call, etc?
(1, 2, 3 4) How is the call center data and local hotel property data monitored
4) and controlled? What call center software is used and how does
management monitor performance, versions, etc.?
(1, 2, 3 5) Is there a call center queue (callers on hold)? How many callers can
4) be placed on hold? How is the queue monitored? How is queue
administrated (callers versus workers, what is tolerance level of
callers, sorted by dollars spent, frequent customer or member, etc?
(1, 2) 6) What type of reader board is used? Is the reader board software based
of manual? What is the refresh rate of the reader board?
(1, 2) 7) Are skills based routing used? If so, how are calls routed?

Order Processing Done By WP Ref.

(1, 2, 3 1) How is backend and front end systems integration handled?
4)
(1, 2, 3 2) Can call records be used by the employees throughout the
4) organization? How is privacy controlled? How does customer history
appear? How is information shared or used by local property?
 Call Center Review
Project #2000-04
Page 3 of 5
Audit Program

Obj. Step Done By WP Ref.

(3) 3) If a caller requests information, how does customer find the answer?
(1, 2, 3 4) How is inventory between hotel and call center updated?
4)
(1, 2, 3 5) How is data used for post sale follow-up? How is credit card
4) information controlled and accessed by other departments? How is
transfer of data to other in-house areas controlled?
(1, 2, 3 6) What are the software links to accounting and accounts receivable?
4) How is this information controlled?
(1, 2, 3 7) How does call center software integrate with accounting and accounts
4) receivable? How is access controlled?
(1, 2, 3 8) How are web based sales processed? Does web based sales properly
4) update inventory within call center and property? Is web pricing and
availability updated regularly? If, so who controls and how is it
updated? How are emails, online complaints and questions resolved?
(1, 2, 3 9) How are gift certificates accounted for? Who controls this? Who
4) issues gift certificates?

Call Center Change Management Controls Done By WP Ref.

(1,3, 4) 1) Requests for program changes, system changes and maintenance
(including changes to system software) are standardized, documented
and subject to formal change management procedures.
(3, 4) 2) Information Technology management will ensure Major Changes
have signatory approval of senior management prior to production. IT
Management must approve all change requests, with required Capital
Expenditure (CE) being forwarded to Company ABCD Management
for approval.
(3, 4) 3) A Change Assessment must be performed prior to implementing any
changes and require proper managerial approval. IT Management
confirms the Change Assessments include:
• Impact Description
• Business Risk
• Backout Plan
• Personnel Involved in the Rollout and Testing
(3, 4) 4) A change request will only be closed when the users and process
owner agree the changes operate properly.
(3, 4) 5) Emergency change requests are documented and subject to formal
change management procedures.

Call Center Firewall and AntiVirus Controls Done By WP Ref.

 Call Center Review
Project #2000-04
Page 4 of 5
Audit Program

Obj. Step Done By WP Ref.

(1, 3, 4) 6) Is the call center software is protected by firewall? Does a Firewall
Policy exists? Deviations from the Policy require approval of the
Network Administrator and Network Director; documented in an
Incident Report.
(1, 3, 4) 7) Company ABCD implements an integrated antivirus and intrusion
detection technology which is based upon pattern definition files
supplied and updated from the OEM on a daily basis. Is the call
center covered under this technology?
(1, 3, 4) 8) Are all inbound email processed through approved Anti-Virus
software? In-bound email is subjected to antivirus and anti-spam
inspection using virus definition files which are automatically
updated via subscription service.
(1, 3, 4) 9) Are all call center workstations, laptops built using a standard image
file which includes anti-virus real-time protection (reference:
Laptop/Workstation Standard Configuration)? Any deviation from
the standard must be explicitly approved and documented within the
change record by the Network Director/or VP of Information
Technology.
(1, 3, 4) 10) Is call center Antivirus equipment or software automatically
generating and storing detailed logs relating to antivirus and intrusion
detection events as well as updates?

Call Center Backup and Recovery Controls Done By WP Ref.

(1, 2, 3, 1) A backup review process occurs for all new call center data or system
4) software, and for significant changes to call center data and systems.
The review is documented and approved in the change management
system prior to initiation of the change to the backup schedule.
(1, 2, 3, 2) Call center software, data, and operations are included in current
4) Disaster recovery plans cover Prevention (pre-disaster), continuity
(during a disaster): and recovery (post-disaster). Steps are identified
and required for the restoration of all systems and resources to full,
normal operational status.

Call Center Logical Access Controls Done By WP Ref.

(1, 2, 3, 1) Data Security Administration and Accountability is established and
4) regularly updated.
(1, 2, 3, 2) Programmers have unique user IDs and passwords. System access to
4) the call center software are consistent with job functions and all
changes to the system security software are approved by management
or security administrator. Changes and approvals are recorded.
 Call Center Review
Project #2000-04
Page 5 of 5
Audit Program

Obj. Step Done By WP Ref.

(1, 2, 3, 3) If a new user is created, is there a completed Service Account
4) Request, with an attached email that is sent to the recipient’s direct
manager requesting authorization to create the account. (The CIO or
Network Security Manager can authorize in lieu of the direct
manager).
(1, 2, 3, 4) The call center manager will compare the Service Access Reports
4) with the HR Staff Audit Report for validation and verification of each
user and appropriate user access level.