Change management auditing is the process by which companies can effectively manage change within their information technology systems. Changes to computer software must be monitored in order to reduce the risk of data loss, corruption, malware, errors, and security breaches.
Change risks
Proper change control auditing can lower the following risks:
* Security features of the network turn off.
* Harmful code is distributed to users.
* Sensitive data is lost or becomes insecure.
* Financial report errors occur.
Control procedure
The following features are commonly part of a change management auditing procedure:
;Change management procedures are formally documented and controlled.
;Changes are requested in a formal process.
: Requests are recorded and stored for reference.
;The effect of the requested change is assessed.:Each change is assessed based on its projected effect to the computer system and business operations. The assessment is documented with the request.
: Priority is based on urgency, potential benefits, and the ease with which changes can be corrected.
;Controls are imposed on changes.:Changes are limited by automated or manual controls. In particular, unauthorized changes are periodically searched for.
;An emergency change process is in place.:Policies clearly define emergency changes. Generally, these are errors that significantly impair system function and business operations, increase the system's vulnerability, or both. Emergency changes override some, but not all, controls. For instance, a proposed change might be documented, but not permitted without authorization.
;Change documentation is periodically updated.
;Maintenance tasks and changes are recorded.
;Controls are applied to new software releases.:For security, new software releases often require controls such as backups, version control, and a secure implementation.
;Software distribution is assessed for compliance.:Software distribution is assessed for compliance with license agreements. Noncompliance can have disastrous financial and legal results.
;Changes are submitted for approval.:Proposed changes are submitted for approval after auditors have reviewed the required resources, other changes, the effect, urgency, and the system's stability.
;Duties are separated.:Responsibility for creation, approval, and application is assigned to different personnel to avoid undesired changes.
;Changes are reviewed.:Changes are monitored to assess the efficacy of change management policies.
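Several of the controls listed above (approval, separation of duties, emergency-change authorization, and the search for unauthorized changes) can be checked mechanically against change records. The following is an added example, not part of the original article; the record fields, the sample data, and the rule that an emergency change may skip only the impact assessment are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class ChangeRequest:
    # All field names are assumptions made for this example.
    request_id: str
    target: str               # system or component the request covers
    requester: str
    approver: Optional[str]   # None: never approved
    implementer: str
    impact_assessed: bool
    emergency: bool = False

def audit(requests, observed):
    """Return sorted (reference, finding) pairs, one per failed control."""
    findings = set()
    by_id = {r.request_id: r for r in requests}
    for r in requests:
        # Assumed policy: an emergency change may skip the impact assessment
        # but, like every other change, still needs an approver.
        if not r.impact_assessed and not r.emergency:
            findings.add((r.request_id, "no impact assessment"))
        if r.approver is None:
            findings.add((r.request_id, "not approved"))
        elif len({r.requester, r.approver, r.implementer}) < 3:
            findings.add((r.request_id, "duties not separated"))
    # observed: (target, request_id or None) pairs, e.g. from a deployment log
    for target, request_id in observed:
        req = by_id.get(request_id)
        if req is None:
            findings.add((target, "unauthorized change: no request on record"))
        elif req.target != target:
            findings.add((target, f"outside scope of {request_id}"))
        elif req.approver is None:
            findings.add((target, f"applied before approval of {request_id}"))
    return sorted(findings)

# Constructed sample records, not real data.
REQUESTS = [
    ChangeRequest("CR-1", "payroll-db", "ana", "raj", "lee", True),
    ChangeRequest("CR-2", "web-frontend", "sam", "sam", "lee", True),
    ChangeRequest("CR-3", "mail-gateway", "kim", None, "kim", False, emergency=True),
]
OBSERVED = [("payroll-db", "CR-1"), ("mail-gateway", "CR-3"),
            ("dns-server", None), ("payroll-db", "CR-2")]

if __name__ == "__main__":
    for ref, finding in audit(REQUESTS, OBSERVED):
        print(f"{ref}: {finding}")
```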
See also
* Change management
* Information technology audit
* Information technology audit - operations
External links
* International Organization for Standardization (ISO)
* Information Systems Audit and Control Association (ISACA)