Big4Guy
Big4GuyWelcome to Big4Guy.com. Big4Guy is an online resource where I will share with you the latest news, insights, knowledge and some experiences as a Big 4 consultant. We will discuss some of the important issues which organisations are facing today in the areas of information security, security and controls in SAP R/3, Oracle Applications, J.D.Edwards, Peoplesoft and various other ERP's. You will also find information on latest complaince regulations like Sarbanes Oxley, Basel II and so on. Big4guy will also attempt to provide valuable resources for individuals interested in examinations the CISA, CISM, CISSP, PMP and various other security certifications considered essential for entry in any Big 4 accounting, auditing and consulting firms. You are invited to post your comments and viewpoints to posts here. I sincerely hope this online journal will be useful to everyone from a budding student to a professional in the accounting, auditing, management and consultancy professions.
|
Post details: Auditing Change Controls and Patch Management - Internal Audit Risk Management for Change Controls
03/13/06
Auditing Change Controls and Patch Management - Internal Audit Risk Management for Change Controls
Change control refers to processes within an organizations IT department which manage upgrades, patches, incremental fixes to production systems. Thus change and patch management would include, system upgrades including applications, operating systems and database revisions and infrastructure changes. In a laymans language, change controls are nothing but controls relating to IT changes. Recently, a lot of emphasis is given on auditing change controls. In a presentation made by one of my friends (CIO of a fortune 500 company) he discussed why auditing change control is now imperative for organizations. His presentation made interesting reading. The main reasons he listed in his presentation included:
1. Regulatory requirements - With Sarbanes Oxley and other regulations, auditing change controls is now part of the overall assurance framework. Audit committees and senior management now lay increased stress on change management.
2. Pervasive Information Technology - Any business decision these days invariably results in an IT chnage. This is beacuse almost all organizations are heavily IT dependent. A recent study confirmed that 80% of all system downtime was beacuse of change management issues.
3. Change Management & Internal Audit - One slide in his presentation stressed on the fact that management cannot always rely on external IT audits and assessments for IT assurance. Internal audit can proactively ensure that changes and patches are installed with minimal disruption. Even management would trust internal auditors more than an outside IT audit consultant. Internal audit is now responsible for providing IT audit assurance.
Related Posts
Internal Audit Antifraud Action Plan
Sarbanes Oxley and XBRL
Sarbanes Oxley Record Retention Requirements
SOX - Identifying Significant Accounts
Comments:
No Comments for this post yet...
Categories
Archives
Search
| Mon | Tue | Wed | Thu | Fri | Sat | Sun |
|---|---|---|---|---|---|---|
| << < | > >> | |||||
| 1 | 2 | 3 | 4 | |||
| 5 | 6 | 7 | 8 | 9 | 10 | 11 |
| 12 | 13 | 14 | 15 | 16 | 17 | 18 |
| 19 | 20 | 21 | 22 | 23 | 24 | 25 |
| 26 | 27 | 28 | 29 | 30 | 31 | |
Misc
All content copyright © 2005-2008
Big4Guy.com
Do not reproduce either in part or full without the express permission of the
Webmaster
