Global Technology Audit Guide (GTAG) – Recommended Guidance
Change management in the IT environment is, as the guide’s title states, critical for organizational success. Organizations are bombarded with change requests ― not only to improve or update existing application functionality, but also to implement necessary patches to help secure those applications, and in some cases to comply with relevant regulatory requirements. Managing the flow of requests should be handled efficiently and effectively to avoid mishaps, rework, unintended consequences, or even system failure.
The updated third edition of this topic will help internal auditors understand the risks and controls associated with IT change management and how to assess the operational efficiency of processes involving change management.
This guide provides tools to help internal auditors obtain and evaluate evidence that management’s assertions are accurate, and explains how to provide assurance over this critical area.
This guidance will enable internal auditors to:
- Have a working knowledge of IT change management processes.
- Distinguish effective change management processes from ineffective ones.
- Recognize red flags and indicators that IT environments are having control issues related to change management.
- Understand that effective change management hinges on implementing appropriate preventive, detective, and corrective controls to ensure adequate management supervision.
- Recommend best practices for addressing issues, both for assurance of risks and increasing effectiveness and efficiency.