AI6.1 - Change Standards and Procedures Overview

Find Resources & Connect with members on topics that interest you.

Applications

Audit

Business Processes

Career Management

Cloud Computing/Virtualization

COBIT

Controls and Monitoring

Databases

Fraud and Computer Crime

Governance and Management

Industry

Information Security

IT Service Management

Mobile/Wireless

Operating Systems

Privacy/Data Protection

Privacy/Data Protection

Regulations

Risk

Standards

Business Analytics/Intelligence

Business Continuity-Disaster Recovery Planning

COBIT (4.1 and earlier) - Use it Effectively

COBIT (4.1 and earlier) Implementation

Continuous Monitoring/Auditing

Financial Reporting Compliance

Information Security Management

Information Security Policies/Procedures

Intrusion Prevention/Detection

Project/Program/Portfolio Management (P3M)

AI - Acquire and Implement

PO - Plan and Organize

DS - Deliver and Support

ME - Monitor and Evaluate

Application Controls

Process Controls

Please sign in to see your topics.

You must be logged in to join this group.

AI6.1 - Change Standards and Procedures

This topic is intended to enable collaboration and sharing of information to facilitate a better understanding and approach to implementing this COBIT control objective based on the risk, value and guidance provided by its corresponding control practices.

COBIT Control Objective AI6.1 - Change Standards and Procedures is contained within Process Popup Manage Changes.

Learn more about COBIT and related publications.

Click “Join This Community” to be able to actively participate in discussions and contribute content. You must be an ISACA member to join this topic. Join ISACA now.

This Topic Has:

2 Members
0 Online
824 Visits

Recent Discussions

Knowledge Center Manager

Title: Become a Topic Leader!

Points: 3

Change Standards and Procedures

Set up formal change management procedures to handle in a standardised manner all requests (including maintenance and patches) for changes to applications, procedures, processes, system and service parameters, and the underlying platforms.

View value and Risk Drivers help

Hide value and Risk Drivers help

Value Drivers

An agreed-upon and standardised approach for managing changes in an efficient and effective manner
Changes reviewed and approved in a consistent and co-ordinated way
Formally defined expectations and performance measurement

Risk Drivers

Inappropriate resource allocation
No tracking of changes
Insufficient control over emergency changes
Increased likelihood of unauthorised changes being introduced to key business systems
Failure to comply with compliance requirements
Unauthorised changes
Reduced system availability

View Control Practices help

Hide Control Practices help

1. Develop, document and promulgate a change management framework that specifies the policies and processes, including:
- Roles and responsibilities
- Classification and prioritisation of all changes based on business risk
- Assessment of impact
- Authorisation and approval of all changes by the business process owners and IT
- Tracking and status of changes
- Impact on data integrity (e.g., all changes to data files being made under system and application control rather than by direct user intervention)
Establish and maintain version control over all changes.
Implement roles and responsibilities that involve business process owners and appropriate technical IT functions. Ensure appropriate segregation of duties.
Establish appropriate record management practices and audit trails to record key steps in the change management process. Ensure timely closure of changes. Elevate and report to management changes that are not closed in a timely fashion.
Consider the impact of contracted services providers (e.g., of infrastructure, application development and shared services) on the change management process. Consider integration of organisational change management processes with change management processes of service providers. Consider the impact of the organisational change management process on contractual terms and SLAs.

Discussions: 0 total

Must be a Topic member to contribute

No Results Found

Documents & Publications: 18 total

Must be a Topic member to contribute

View All »

Books

An Executive Guide to IFRS: Content, Costs and Benefits to Business

International Financial Reporting Standards have been mandatory in the EU since 2005 and are rapidly being adopted by countries throughout the world.

Posted by ISACA 57 days ago

Research

Sustainability

Posted by ISACA 222 days ago

Books

IT Governance: Polices & Procedures, 2012 Edition

Posted by ISACA 229 days ago

E-book

Audit/Assurance Program: Business Continuity Management (Web Download)

Posted by ISACA 242 days ago

Research

Business Continuity Management Audit/Assurance Program (Sep 2011)

Posted by ISACA 251 days ago

Books

Principles and Practices of Business Continuity: Tools and Techniques

Posted by ISACA 496 days ago

View All »

Events & Online Learning: 7 total

View All »

7 May 2012

ISACA International Event

North America CACS 2012

Orlando, Florida, USA

Get the knowledge you need to stay one step ahead of the competition and keep up with changing professional trends at ISACA’s North America CACS Conference.

Add to my Outlook

12 Jun 2012

ISACA International Event

Training Dallas Texas USA

Dallas, Texas, USA