Table F.1 (continued)
                     Monitoring and Reporting

                     Control Objective: To ensure the process is functioning as intended and is understood by those involved and
                     impacted.
                     Risk: Unknown issues.
                     Control: Metrics: Collected, analyzed, and reported to management and those involved in the process.
                     Work Steps:
                     Determine what metrics exist, how they are calculated, and by whom. Identify to whom they are reported.
                     Determine whether the metrics are appropriate, complete, and accurate.

                     Common metrics collected for the change management process include:
                            Total number of changes for a set period.

                            Changes that were successful.
                            Success or failure of rollback plans.
                            Changes that deviated from the defined change management process.

                            Percentage of emergency changes.
                            Number of outages during a set period.
                            Percent of unplanned work of total work performed by IT personnel.















































                   36 — theiia.org