Fox & Sons Company: IT Change Management Policy Presentation
Britt Bouknight, Caitlyn Carney, Xiaoyue Jiu, Abey P John, David Lanter, Leonardo Serrano


Why do we need this policy?

Purpose & Objectives:
Govern the change management process at Fox & Sons Co.
Ensure that:
- Business processes not disrupted by changes
- Minimize impact of change incidents
- Mitigate the exposure to risks
- Rapid response to changing regulations and requirements
- Enhance communication effectiveness

Applies to:
- All IT personnel
- Business unit management teams
- Executive Directors

Key Guidelines & Procedures
- 1.01 & 1.10 Documentation
- 1.02 Risk Management & Change Classification
- 1.03 Testing
- 1.04 Version control
- 1.05 Approval
- 1.06 Changes Affecting SLAs
- 1.07 Communicating changes
- 1.08 Implementation
- 1.09 Fallback
- 1.11 Business Continuity Plans
- 1.12 Emergency Changes
- 1.13 Change monitoring

Roles & Responsibilities
- Change Management Board
- Change Management Manager
- Application Owners
- Developers/Programmers

References & Questions

References
Internal References:
- Information Security Policy, #
External References (Compliance & Audit):
- COBIT 5 (AI6.1, AI6.2, AI6.4, AI6.5, AI6.2)
- ITAF Audit/Assurance for Change Management (2.5.1)

Questions? Please Contact: Change Management Manager -

Change Management Quick Detail

Question: During a change control audit of a production system, an IS auditor finds that the change management process is not formally documented and that some migration procedures failed. What should the IS auditor do next?

Possible Answers:
A. Recommend redesigning the change management process.
B. Gain more assurance on the findings through root cause analysis.
C. Recommend that program migration be stopped until the change process is documented.
D. Document the finding and present it to management.

Explanation: A change management process is critical to IT production systems. Before recommending that the organization take any other action (e.g., stopping migrations, redesigning the change management process), the IS auditor should gain assurance that the incidents reported are related to deficiencies in the change management process and not caused by some process other than change management.