Jump to content

Main menu Navigation ●Main page ●Contents ●Current events ●Random article ●About Wikipedia ●Contact us ●Donate Contribute ●Help ●Learn to edit ●Community portal ●Recent changes ●Upload file

●Create account ●Log in ●Create account ● Log in Pages for logged out editors learn more ●Contributions ●Talk

(Top) 1 Change risks 2 Control procedure 3 See also 4 References 5 External links

Change management auditing

Add links ●Article ●Talk ●Read ●Edit ●View history Tools Actions ●Read ●Edit ●View history General ●What links here ●Related changes ●Upload file ●Special pages ●Permanent link ●Page information ●Cite this page ●Get shortened URL ●Download QR code ●Wikidata item Print/export ●Download as PDF ●Printable version Appearance From Wikipedia, the free encyclopedia

Change management auditing is the process by which companies can effectively manage change within their information technology systems. Changes to computer software must be monitored in order to reduce the risk of data loss, corruption, malware, errors, and security breaches.

Change risks[edit]

Proper change control auditing can lower the following risks:

Security features of the network turn off.
Harmful code is distributed to users.
Sensitive data is lost or becomes insecure.
Financial report errors occur.

Control procedure[edit]

The following features are commonly part of a change management auditing procedure:

Change management procedures are formally documented and controlled.
Changes are requested in a formal process.: Requests are recorded and stored for reference.
The effect of the requested change is assessed.: Each change is assessed based on its projected effect to the computer system and business operations. The assessment is documented with the request.; Priority is based on urgency, potential benefits, and the ease with which changes can be corrected.
Controls are imposed on changes.: Changes are limited by automated or manual controls. In particular, unauthorized changes are periodically searched for.
An emergency change process is in place.: Policies clearly define emergency changes. Generally, these are errors that significantly impair system function and business operations, increase the system's vulnerability, or both. Emergency changes override some, but not all, controls. For instance, a proposed change might be documented, but not permitted without authorization.
Change documentation is periodically updated.
Maintenance tasks and changes are recorded.
Controls are applied to new software releases.: For security, new software releases often require controls such as back ups, version control, and a secure implementation.
Software distribution is assessed for compliance.: Software distribution is assessed for compliance with license agreements. Noncompliance can have disastrous financial and legal results.
Changes are submitted for approval.: Proposed changes are submitted for approval after auditors have reviewed the required resources, other changes, the effect, urgency, and the system's stability.
Duties are separated: Responsibility for creation, approval, and application are assigned to different personnel to avoid undesired changes.
Changes are reviewed.: Changes are monitored to assess the efficacy of change management policies.

References[edit]

External links[edit]

Retrieved from "https://en.wikipedia.org/w/index.php?title=Change_management_auditing&oldid=1108588951" Category: ●Information technology management ●This page was last edited on 5 September 2022, at 07:18 (UTC). ●Text is available under the Creative Commons Attribution-ShareAlike License 4.0; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc., a non-profit organization. ●Privacy policy ●About Wikipedia ●Disclaimers ●Contact Wikipedia ●Code of Conduct ●Developers ●Statistics ●Cookie statement ●Mobile view