The aims of this session are:
• to describe the importance of change management controls in application development
• to identify risks associated with inadequate change controls and the controls a client may put in place to address those risks.
The systems development process should lead
to the implementation of a system which satisfies
audit requirements:-
Change is inevitable
Changes may affect many parts of the system
Have impact on the audit trail, control systems, system functionality and system logic
Effect of change may be out of proportion
What Is Change Management
Change management
• is a systematic approach to dealing with change, both from the perspective of an organization and on the individual level.
• has at least three different aspects, including: adapting to change, controlling change, and effecting change
A proactive approach to dealing with change is
at the core of all three aspects
In organisational acceptance
• For an organization, change management means defining and implementing procedures and/or technologies to deal with changes in the business environment and to profit from changing opportunities.
In application development process
• In a computer system environment, change management refers to a systematic approach to keeping track of the details of the system (for example, what operating system release is running on each computer and which fixes have been applied).
System migration
• A structured procedure to change from existing to new system
OBJECTIVE OF CHANGE MANAGEMENT
The objective of Change Management is to
ensure that
standardised methods and procedures are
used for It’s client
• To enhance functionality
• To make systems operations easier, more efficient
• To increase capacity or performance
• Routine updates
• To meet changes in business or reporting requirement
• To rectify problems
• To improve security
• To adhere to changes in policies, guidelines, standards
To suit organisation's
Aim of change controls
Change controls are designed to ensure that
all changes to systems configurations are
authorised, tested, documented, controlled,
the systems operate as intended and that
there is an adequate audit trail of changes.
• Unauthorised changes
• Implementation problems
• Erroneous processing, reporting
• User dissatisfaction
• Maintenance problems
• Use of unauthorised software and hardware
• Problems with emergency changes
• Procedures for change request
• Procedures for management authorisation
• Management review of the effects of any changes
• Maintenance of adequate records
• Procedures for making emergency changes
• Thorough testing before amended software is used in the live environment
• The preparation of fallback plans
National Audit Academy
• The potential impact on the IT systems and services to users (capacity, security, system response times, reliability)
• The effect of not implementing the change (the do nothing approach)
• Resources required to implement the change (costs, people)
• Future resource requirements if the change goes ahead
[Diagram labels: Approved RFC; Updated Systems/User Documentation; Source Code; Accepted Programs; Application Programmer; User Acceptance Testing; Application]
• Change Requested By
• Date of Change Request
• Change Description and impact
• Change Priority
• Impact Assessment: technical / business / financial / timing impact
• Signatories
Carried out to determine:
if the change has achieved the planned results
if users are content with the amended product
if there have been any unforeseen problems or
unexpected side effects
if the resources required to implement and operate the
amended system were as planned.
whether any lessons can be learnt for the next time
Emergency change procedures
Used when the normal change procedures take too long.
"Quick fix" procedures
Controls are still required, e.g.
• Emergency change approval
• Audit trail
• Retrospective approval
• Retrospective testing
• Documentation
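
An added example, not part of the original slides: a reconciliation an auditor could run between the changes seen in the live environment's audit trail and the change register, flagging unauthorised changes and emergency changes that never received their retrospective controls. The record layout, control identifiers and sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Evidence each change needs before it counts as controlled. The control names
# follow the slides; the identifiers themselves are assumptions.
NORMAL_CONTROLS = ("approved_rfc", "user_acceptance_testing", "documentation")
EMERGENCY_CONTROLS = ("emergency_approval", "retrospective_approval",
                      "retrospective_testing", "documentation")


@dataclass
class ChangeRecord:
    change_id: str
    emergency: bool
    evidence: set = field(default_factory=set)  # controls with evidence on file


def review(deployed, register):
    """Return {change_id: [exceptions]} for changes found in the live environment.

    deployed: change ids read from the live environment's audit trail
    register: {change_id: ChangeRecord} from the change register
    """
    exceptions = {}
    for change_id in deployed:
        record = register.get(change_id)
        if record is None:
            # Live change with no record at all: an unauthorised change.
            exceptions[change_id] = ["no change record (unauthorised change)"]
            continue
        required = EMERGENCY_CONTROLS if record.emergency else NORMAL_CONTROLS
        missing = [c for c in required if c not in record.evidence]
        if missing:
            exceptions[change_id] = ["missing " + c for c in missing]
    return exceptions


# Constructed sample data, not taken from any real system.
SAMPLE_REGISTER = {
    "CR-101": ChangeRecord("CR-101", False, set(NORMAL_CONTROLS)),
    "CR-102": ChangeRecord("CR-102", False, {"approved_rfc", "documentation"}),
    "CR-103": ChangeRecord("CR-103", True, {"emergency_approval", "documentation"}),
}
SAMPLE_DEPLOYED = ["CR-101", "CR-102", "CR-103", "CR-104"]

if __name__ == "__main__":
    for change_id, issues in review(SAMPLE_DEPLOYED, SAMPLE_REGISTER).items():
        print(change_id, "->", "; ".join(issues))
```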
• A combination of technologies and practices for tracking and controlling changes to source code.
• Work on a copy of source code with the latest version
• Ensures correct software version being used in the live environment.
• Need for consistency
• Current version in production library
• Archiving of old versions
• Version numbers used as identifiers, e.g. Version 1.0, 1.1, 1.1.3, 2.7 etc.