Online Courses
IS Auditing, Controls and Assurance
Online Courses
IS Auditing, Controls and Assurance
  • Information Systems Auditing, Controls and Assurance
  • Introduction to Information Systems (IS) Auditing
    • Risk in Information Systems (IS)
    • Risk Management Process
    • Identify Internal Controls
    • Quiz
  • General IS Audit Procedures
    • Understant the audit areas/subjects
    • Compliance Testing and Substantive Testing
    • Practice Quiz
    • Evidence
    • ISACA Outlines Five Steps to Planning an Effective IS Audit Program
    • Quiz
  • Business Application Development and the Roles of IS Auditors
    • What is business application development process / Systems Development Life Cycle (SDLC)?
      • SDLC Models
    • Feasibility and Requirements
    • Design and Selection
    • Development and Configuration
    • Configuration - Input/Output Controls
    • Implementation
    • Post-Implementation Review
    • Risks Associate with Application Development
    • Role of IS Auditor in SDLC
    • Quiz
  • IS Maintenance and Control
    • IS Maintenance Practices
    • Change Management
    • Documentation
    • Emergency Changes
    • IS Controls
    • Quiz
Powered by GitBook
On this page
  • Audit Trail
  • Change control follows a predictable process
  1. IS Maintenance and Control

Change Management

Change management is all about making changes to a system in a controlled and organized way. When we want to make a change to a system, the most important thing is to ensure that the change is approved and authorized. We don't want any unauthorized changes happening.

There are a few steps involved in the change management process. First, we need to request the change and get it approved. Then, we document the change and test it to make sure it works properly. We present the testing results to a change control board for review. Once the change is approved, we implement it and document the changes made.

Two important things in change management are approval and documentation. Only approved changes should happen, and we need to keep a record of all the changes made. This helps us ensure that everything is done properly and that we can track any changes made to the system.

There are also different environments in change management. The development environment is where we create and develop a new system. The production environment is where the system is used for day-to-day operations. We also have a test environment where we can make changes without affecting the production environment. It's important to have proper approval and separation of duties when making changes in these environments.

Overall, change management is about making changes to a system in a controlled and authorized way, while keeping proper documentation and following a predictable process.

Audit Trail

  • Name

  • Timestamp

  • Who has given approval

  • Before image

  • After image

Change control follows a predictable process

  1. Request the change

  2. Approve the change request

  3. Document the change request

  4. Test the proposed change

  5. Present the results to the change-control board

  6. Implement the change, if approved

  7. Document the new configuration

PreviousIS Maintenance PracticesNextDocumentation

Last updated 8 months ago