Guide 2: Change and Patch Management Controls: Critical for Organizational Success
Download (members only): English (PDF, 800KB); Spanish (600KB); French (410KB)
Purchase from The IIA Research Foundation Bookstore
Rate this guide

Like information security, management of IT changes is a fundamental process that can cause damage to the entire enterprise and easily disrupt operations if it is not performed well. The objective of this guide is to convey how effective and efficient IT change and patch management contribute to organizational success.

Because audit's role requires it to assess risks and provide assurance to the organization, auditors cannot ignore the potential impact that changes to information systems and other IT assets can have on business operations. More importantly, this guide will give readers the necessary knowledge to help them counsel their boards about change-management risks and controls and to help their organizations comply with constantly changing regulatory requirements.

TABLE OF CONTENTS
Section 1: Summary for the Chief Audit Executive
Section 2: Introduction
Section 3: Why Should I Care About the Way My Organization Is Managing Change?
Section 4: Defining IT Change Management
Section 5: What Questions Should I Ask About Change and Patch Management?
Section 6: Three Months Later: Sydney's Story Concludes
Section 7: Where Should Internal Auditors Begin?
Section 8: Where Can I Learn More?
Section 9: Appendix A: IT Change Management Audit Program
Section 10: Appendix B: The Visible Ops Methodology
Section 11: Appendix C: Example Business Case for Change Management
Section 12: Appendix D: Change Management Tools and Vendors
Section 13: References

Authors
Jay Taylor, General Motors Corp. : : Glenn Hyatt, General Motors Acceptance Corp.
Julia Allen, Carnegie Mellon University, Software Engineering Institute
Gene Kim, Tripwire Inc.

Questions about this guide for the authors? E-mail guidance@theiia.org.