Navigation:


DISCUSSIONS > IIA GENERAL DISCUSSION AREA [ REFRESH ]
Thread Title: Detection of unauthorized IT Changes
Created On Tuesday August 21, 2012 4:31 PM
  Detection of unauthorized IT Changes
  Detection of unauthorized IT Changes
  Detection of unauthorized IT Changes


garykral


Posts: 2
Joined: Aug 2012

Tuesday August 21, 2012 4:31 PM

User is offline View users profile View thread in raw text format

I am currently working on an IT change management audit. I have read through GTAG2 and came across something that had me questioning something. It states there should be a detective control the detects unauthorized changes. How does your organization do this? Is there a software program that does this?

Thanks for any input.

Gary

Reply
Quote
Top
Bottom



hopingtopass


Posts: 17
Joined: Jul 2012

Thursday August 23, 2012 1:41 AM

User is offline View thread in raw text format

Someone without the ability to perform system maintenance should periodically review changes in system, and trace sample of transactions to supporting documentation/approval. Unless authorizations are required and recorded within the IT system, it would not be possible to use a software program to automatically identify unauthorized changes.

If an electronic approval is required by system, and recorded in system, then you could run a simple report showing all changes and approval for each change as recorded in system, or even better, run an exception report showing all changes without accompanying approals.

Reply
Quote
Top
Bottom



garykral


Posts: 2
Joined: Aug 2012

Thursday August 23, 2012 10:41 AM

User is offline View users profile View thread in raw text format

Our approval system for IT changes currently is run through SharePoint. A document is filled out and then approve through sharepoint. So, I have no way of knowing what changes have actually been made other than by looking at the sharepoint site, which obviously those changes followed the change management protocol.

What I am trying to figure out is how can I get an independent list of change? How do I find changes that were made and then trace it to the sharepoint documents?

I already have the list of authorized changes via our sharepoint approval process. What I need is a list of all changes. From what I gather from your reply the only way to do this is to manually review the system. There is no kind of software that logs this information automatically?

Reply
Quote
Top
Bottom

DISCUSSIONS > IIA GENERAL DISCUSSION AREA [ REFRESH ]
The Institute of Internal Auditors • 247 Maitland Avenue Altamonte Springs, FL. 32701-4201 USA
+1-407-937-1100 • FAX +1-407-937-1101 • www.theiia.org