process. Sequential steps should be followed in the evolution of a needed change, as shown in
                   the example in Figure 18.

                    Figure 18: Sample Steps in a Change Process




































                   Source: The Institute of Internal Auditors.

                   Robust testing ensures the quality of the information affected by the change. Changes should be
                   developed and tested in nonproduction environments, such as a development or test (DEV and
                   TEST) environment first by IT then provided to the business unit for acceptance testing. A user
                   acceptance test plan is developed by end-users who have experience with the process being
                   tested, and should identify key business activities or functions affected by the change. These
                   factors can contribute to developing an effective user acceptance test plan:

                      Participation by the application and business unit representatives with direct knowledge of the
                       application and data to be tested.

                      Clearly stated objectives and event-driven test scenarios based on the business activity
                       cycle, including high-risk activities (e.g., potential revenue loss/interruption or legal issues).

                      A set of required test conditions for the business scenario, rather than conditions based on
                       variations of a software program.

                      A set of predetermined test results for the test plan.
                      Defect tracking and resolution.
                      Diligence monitoring techniques to follow subsequent to the production (PROD) move.

                      Interrelationships and impacts with other applications.





                   39 — theiia.org