After reading this guide, internal auditors will:

                      Have a working knowledge of the change management process.
                      Be able to distinguish effective change management processes from ineffective ones.
                      Be able to recognize indications of potential control issues related to change management in
                       IT environments.
                      Understand that effective change management hinges on implementing preventive, detective,
                       and corrective controls, including the appropriate segregation of duties and adequate
                       management supervision.
                      Be in a position to recommend the best practices for addressing these issues, both for
                       assurance that controls mitigate risks and for increasing effectiveness and efficiency.
                   For more information on IT general controls, readers may refer to The IIA’s GTAG “Information
                   Technology Risks and Controls.”


























































                   4 — theiia.org