

Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Change Management, Coordinating and Controlling, Little Disruption, Steps for Change, Pre Implementation, Determine Cost, Benefit of New Change, Bain and Company, Audit Guidelines, Change Controls are some important points from lecture handout of Resource Management.
Typology: Study notes
1 / 3
This page cannot be seen from the preview
Don't miss anything!


Change Management
Audit Guidelines for Change Controls The best practice guidance Management should use COBiT resources as a source of best practice guidance COBiT enables the understanding of: Business objectives Communication of best practices Recommendations to be made Control Objective: Manage Changes High-level control objective AI6 states:
The management system should provide for the analysis, implementation and follow-up of all changes requested and made to the existing IT infrastructure. Manage Changes: The management system should consider the following: Identification of changes Categorization, prioritization and emergency procedures Impact assessment Change authorization Release management Software distribution Use of automated tools Configuration management
Audit Program for Change Controls See “Audit Program Change Control” (Under extra readings on topics – change management) Review General Processes Through interviews, determine: who prioritizes & justifies changes how user requests are assigned to programmers how testing is performed who approves changes how edited or new programs are put into production Adequate guidelines are established to instruct programming personnel in their duties Specific Process Completeness Validity of changes Adequate involvement
Access control Emergency changes One-time changes Review System Testing for: Testing procedures performed or checked by persons other than those involved in writing the programs Adequate controls to prevent production files from being used in testing Adequate testing procedures to prevent any unauthorized coding from being inserted into programs during their modifications Existence of a structured approach to testing based on the use of test plans Adequate supervision and segregation of testing activities Review User Acceptance Testing A user acceptance testing sign-off procedure is in place User acceptance testing is carried out in an appropriate environment, isolated from the production system Adequate consideration is given to the setting up of test data There is a structured approach to testing based on the use of test plans Parallel testing is carried out where practical Volume testing is carried out Review Testing Environment Access to the test environment is restricted to only authorized individuals IT testing is carried out in an appropriate environment, isolated from the production system Adequate consideration is given to the setting up of the test data