Change Management Audit/Assurance Program 


Change Management Audit/Assurance Program  Download (Member Only, 2.4M)
Bookstore Purchase the Book

  Provide feedback on this document
Knowledge Center  Visit the Audit Tools and Techniques Knowledge Center community
Knowledge Center  Visit the Change Management Knowledge Center community

The audit/assurance programs reflect the IT Assurance Framework (ITAF) sections 3400—IT Management Processes, 3600—IT Audit and Assurance Processes and 3800—IT Audit and Assurance Management and were developed in alignment with the Control Objectives for Information and related Technology (COBIT®)—specifically COBIT 4.1.

Objective—Perform a review of the change management process to provide management with assurance that the process is controlled, monitored and is compliance with good practices.

Scope—The review will focus on the program change management processes. It will rely on the system’s development methodology to provide a design, development and testing methodology, and the system’s request and incident management processes to provide input to the change management system. All processes affecting these functions prior to the system’s request or incident/problem ticket entering the change management process are outside the scope of this review.

IT audit and assurance professionals are expected to customize this document to the environment in which they are performing an assurance process. This document is to be used as a review tool and starting point. It may be modified by the IT audit and assurance professional; it is not intended to be a checklist or questionnaire. It is assumed that the IT audit and assurance professional holds the Certified Information Systems Auditor (CISA) designation or has the necessary subject matter expertise required to conduct the work and is supervised by a professional with the CISA designation and necessary subject matter expertise to adequately review the work performed.