Guide 2: Change and Patch Management Controls: Critical for Organizational Success
With the impact of business process outsourcing, ERP implementation failures, and changes in the regulatory requirements such as Sarbanes Oxley Section 404, The IIA recognizes that guidance on IT change and patch management is urgently required. Change and Patch Management Controls: Critical for Organizational Success is the second in the GTAG^® Series. Why has The IIA chosen to provide guidance on this subject?

This publication is about managing risks that are a growing concern to those involved in the governance process. Like information security, management of IT changes is a fundamental process that can cause damage to the entire enterprise and easily disrupt operations if it is not performed well. This enterprisewide impact makes change management of interest to many audit committees and, as a result, to top management.

The objective of this guide is to convey how effective and efficient IT change and patch management contribute to organizational success. The target audience is CAEs, their peers, and their staff. Because audit's role requires it to assess risks and provide assurance to the organization, auditors cannot ignore the potential impact that changes to information systems and other IT assets can have on business operations. More importantly, this guide will give readers the necessary knowledge to help them counsel their boards about change-management risks and controls and to help their organizations comply with constantly changing regulatory requirements.

Download Change and Patch Management Controls: Critical for Organizational Success (PDF, 1 MB)
Purchase the printed version.

Download GTAG Guide 2 PowerPoint slides (PPT 107KB)

Download form for permission to translate to another language (Word, 95KB)