Page 197 - Courses
P. 197

IT Essentials — Computer Operations

                 Verify that data supports an organization’s IT, financial, legal, and security obligations.
                 Validate actual configuration items data stored in the CMDB against the authorized (via
                   change management) and discovered (via inventory/discovery tools) states through
                   verification, compliance, and audit checks.

            Understanding Configuration Management

            A change is any modification to the managed IT environment, including the addition, removal, or
            replacement of any network component or software configuration setting or service.

            Change management is the practice of ensuring that all changes to network components or software
            are carried out in a planned and authorized manner.

            This includes:
             Ensuring that there is a business or technology reason behind each change.
             Identifying the specific network component or software services affected by the change.
             Obtaining proper authorizations for the change from appropriate business and technical
            management.
             Planning the change.
             Testing the change.
             Establishing a back-out plan should the change fail.

            Capacity Management

            As suggested in The IIA’s GTAG “Information Technology Outsourcing, 2nd Edition,” as an
            organization grows, the demands on IT systems increase, and the capacity of networks, storage,
            computing, and support should keep pace with the increasing demands.

            Good capacity management ensures that the quality of service is continued at all times. Capacity
            planning is a part of the annual budget planning process for many organizations. Management will
            predict anticipated employment changes, and customer growth or decline. IT will use these
            predictions to approximate where and when capacity increases will take place.

            Continuity Management

            According to The IIA’s GTAG “Information Technology Outsourcing, 2nd Edition,” continuity
            management ensures that critical business operations can continue in the event of a service
            interruption or disaster.

            The details should be documented in a business continuity plan (BCP) and disaster recovery plan
            (DRP), and should ensure that the scope of the continuity plan contains clear and realistic recovery
            objectives and recovery time frames; is designed and developed to support recovery of critical
            business functions; and is reviewed, updated, and rehearsed regularly.



            Copyright © 2021 by The Institute of Internal Auditors, Inc. All rights reserved.
   192   193   194   195   196   197   198   199   200   201   202