Page 20 - Courses
P. 20

IT Change Management — IT Certificate

            Data Protection

            Change management is an evolutionary process, and each organization’s progression along the
            spectrum of maturity is unique. Many factors affect the organization’s position, trajectory, and rate
            of progress. Organizations should evaluate and improve change management processes on a
            consistent basis to keep up with technology and the global environment as much as possible.

            Care should be taken, when introducing a new change management process or updating an existing
            one. Changes that are poorly designed and implemented may result in unnecessary expenditures
            and unplanned/emergency work to minimize any negative impacts. Progressing to another maturity
            level is less important than the quality and integrity of the process to get there.

             TOPIC 4: PROVIDING ASSURANCE OVER IT CHANGE MANAGEMENT

            Providing Assurance Over Change Management

            The internal audit activity is in a unique position to help senior management and the board
            recognize the importance of effective change management. Internal auditors can contribute to the
            organization’s change management initiatives through consulting or assurance services.

            For example, internal audit can:
              Assess the governance, risk management, and control processes related to IT change
               management.
              Make recommendations consistent with leading IT change and patch management processes.
              Demonstrate how effective IT change management can help the organization reap the benefits
               of better risk management, greater effectiveness, and lower costs.
              Assist management in identifying practical, effective approaches to IT change management.
              Participate as nonvoting members of the change approval board.

            This unit largely focuses on providing assurance over IT change management, in accordance with
            The IIA’s International Standards for the Professional Practice of Internal Auditing.

            Proficiency and Due Professional Care

            IIA Standard 1210: Proficiency states that “internal auditors must possess the knowledge, skills, and
            other competencies needed to perform their individual responsibilities. The internal audit activity
            collectively must possess or obtain the knowledge, skills, and other competencies needed to
            perform its responsibilities.”

            IIA Standard 1210.A3 further explains that “internal auditors must have sufficient knowledge of key
            information technology risks and controls and available technology-based audit techniques to
            perform their assigned work. However, not all internal auditors are expected to have the expertise of
            an internal auditor whose primary responsibility is information technology auditing.”



            Copyright © 2020 by The Institute of Internal Auditors, Inc. All rights reserved.
   15   16   17   18   19   20   21   22   23   24   25