The IIA Releases New Practice Guide on IT Change Management
Now in its third edition, this new guide helps internal auditors understand and assess IT change management, a process that, when designed and implemented effectively and efficiently, can promote repeatable, defined, predictable systems of change in the IT environment. This guide will help the internal auditor identify risks and assess this important process.
Ineffective and inefficient IT change management can cost an organization in many ways:
- Failure to achieve business objectives.
- Outages and unplanned work.
- Control deficiencies that may result in regulatory noncompliance.
- And much more.
This updated guide explains the risks that can expose an organization to unintended consequences resulting from an ineffective IT change management practice. It provides tools auditors can use to determine the characteristics of a mature, effective, and systematic change management process.
- Risks related to change management.
- Elements of change management.
- Characteristics of effective change management.
- Assessing patch risks and scheduling of patch implementation.
- The role of internal audit in IT change management.
IIA members are invited to download this guidance and all guidance as a benefit of membership. Nonmembers may purchase Supplemental Guidance by visiting the IIA Bookstore.