Change Management Chris Colomb Trish Fullmer Jordan Bloodworth Veronica Beichner.

Slides:



Advertisements
Similar presentations
Organizational Governance
Advertisements

OPERATING EFFECTIVELY AT WESD. What is Internal Control? A process designed to provide reasonable assurance the organizations objectives are achieved.
Program Management Office (PMO) Design
Environmental Management System Implementation
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Control and Accounting Information Systems
Control and Accounting Information Systems
Six Steps to Implementing Change Management that Works Arvind Parthiban.
Auditing Computer Systems
SOX and IT Audit Programs John R. Robles Thursday, May 31, Tel:
The ISO 9002 Quality Assurance Management System
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Pertemuan 16 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.
Recall The Team Skills 1. Analyzing the Problem 2. Understanding User and Stakeholder Needs 3. Defining the System 4. Managing Scope 5. Refining the System.
COSO Framework A company should include IT in all five COSO components: –Control Environment –Risk Assessment –Control activities –Information and communication.
Computer Security: Principles and Practice
Remedy, a BMC Software company Change Management Maximize Speed and Minimize Risk in the Change Process.
Session 3 – Information Security Policies
Project Closure CHAPTER FOURTEEN Student Version Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin.
Network security policy: best practices
Elements of Internal Controls Preventing Fraud, Waste, and Abuse in Urban and Rural Transit Systems.
Release & Deployment ITIL Version 3
Corporate Governance: Beyond Compliance at a time of Recession Prof. Ashley G. Frank BA(Econ)[Magna Cum Laude], MDPA (Cum Laude], MBA, MCom [Cum Laude],
Fundamentals of ISO.
© 2010 Plexent – All rights reserved. 1 Change –The addition, modification or removal of approved, supported or baselined CIs Request for Change –Record.
Central Piedmont Community College Internal Audit.
Basics of OHSAS Occupational Health & Safety Management System
Security Baseline. Definition A preliminary assessment of a newly implemented system Serves as a starting point to measure changes in configurations and.
Company duties under the ISM Code
Presented to President’s Cabinet. INTERNAL CONTROLS are the integration of the activities, plans, attitudes, policies and efforts of the people of an.
Introduction to Internal Control Systems
Chapter Three IT Risks and Controls.
© OECD A joint initiative of the OECD and the European Union, principally financed by the EU. Quality Assurance José Viegas Ribeiro IGF, Portugal SIGMA.
Service Transition & Planning Service Validation & Testing
Evaluation of Internal Control System
Software Project Management
Prime Responsibility for Radiation Safety
Change and Patch Management Controls
Assessment Workshop Title of the Project (date). Project Title Assessment Workshop October 25, 2015© Company Name All rights reserved2 Agenda Purpose.
a guidance to conversion
Risk Management & Corporate Governance 1. What is Risk?  Risk arises from uncertainty; but all uncertainties do not carry risk.  Possibility of an unfavorable.
FACILITATOR Prof. Dr. Mohammad Majid Mahmood Art of Leadership & Motivation HRM – 760 Lecture - 25.
Service Level Agreements Service Level Statements NO YES The process of negotiating and defining the levels of user service (service levels) required.
Managing Change 1. Why Do Requirements Change?  External Factors – those change agents over which the project team has little or no control.  Internal.
Where We Are Now 14–2. Where We Are Now 14–2 Major Tasks of Project Closure Evaluate if the project delivered the expected benefits to all stakeholders.
[Hayes, Dassen, Schilder and Wallage, Principles of Auditing An Introduction to ISAs, edition 2.1] © Pearson Education Limited 2007 Slide 7.1 Internal.
Configuration Management and Change Control Change is inevitable! So it has to be planned for and managed.
McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-1 Chapter 6 CHAPTER 6 INTERNAL CONTROL IN A FINANCIAL STATEMENT AUDIT.
ISO DOCUMENTATION. ISO Environmental Management Systems2 Lesson Learning Goals At the end of this lesson you should be able to:  Name.
A Guide for Management. Overview Benefits of entity-level controls Nature of entity-level controls Types of entity-level controls, control objectives,
Click to edit Master title style Click to edit Master text styles Second level TOOLBOX TALK MANAGING AIRSIDE SAFETY.
The Implementation of BPR Pertemuan 9 Matakuliah: M0734-Business Process Reenginering Tahun: 2010.
The common structure and ISO 9001:2015 additions
State of Georgia Release Management Training
Swedish Risk Management System Internal management and control Aiming to Transport Administration with reasonable certainty to.
~ pertemuan 4 ~ Oleh: Ir. Abdul Hayat, MTI 20-Mar-2009 [Abdul Hayat, [4]Project Integration Management, Semester Genap 2008/2009] 1 PROJECT INTEGRATION.
Copyright © 2007 Pearson Education Canada 9-1 Chapter 9: Internal Controls and Control Risk.
CBIZ RISK & ADVISORY SERVICES BUSINESS CONTINUITY PLANNING Developing a Readiness Strategy that Mitigates Risk and is Actionable and Easy to Implement.
Database Administration Advanced Database Dr. AlaaEddin Almabhouh.
Lecture 5 Control and AIS Copyright © 2012 Pearson Education 7-1.
McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Internal Control in a Financial Statement Audit Chapter Six.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 17 – IT Security.
SUNY Maritime Internal Control Program. New York State Internal Control Act of 1987 Establish and maintain guidelines for a system of internal controls.
Understanding the Principles and Their Effect on the Audit
NEEDS & EXPECTATIONS: INTERESTED PARTIES TO ISO & AS9100
Построение культуры integrity в компании Aнар Каримов партнёр «ЭКВИТА»
Description of Revision
Alignment of COBIT to Botswana IT Audit Methodology
Internal Control Internal control is the process designed and affected by owners, management, and other personnel. It is implemented to address business.
{Project Name} Organizational Chart, Roles and Responsibilities
Presentation transcript:

Change Management Chris Colomb Trish Fullmer Jordan Bloodworth Veronica Beichner

Definition of Change Management Process of planning, organizing, coordinating and controlling the compositions of the environment, internal and external; to ensure that the process changes are implemented according to approved plans and the overall objectives of introducing the changes are achieved with as little disruption as possible. Oseni, Ezekiel, 10/26/08, “Change Management in Process Change,” 2007, Journal Online.

Process Changes Responsibility of top management Not only have to manage their employees but their whole environment that’s affected:  Suppliers  Customers  Competitors Can be very draining on finances and people involved

Steps for change: 1) Pre-implementation Realize the need for change Determine cost/benefit of new change Management must support the new change and display this support to others 3 ways to deal with resistance to change  Ignore it  End it by preventing it  Implement crisis management

Steps for change: 2) Implementation Many companies fail before they make it here Elect a standing committee Composed of all departments affected Meet on a regular basis Meet when problems arise in order to find solutions Should appreciate all stakeholders for their patience and understanding

Steps for change: 3) Post-implementation Make sure project achieved planned results Problems that arise after implemented are found and dealt with May still have resistance due to Lack of training New culture

Bain & Company Example 1)Plan 2)Lead 3)Operate 4)Track

Audit Guidelines for Change Controls The best practice guidance  Management should use COBiT resources as a source of best practice guidance COBiT enables the understanding of: Business objectives Communication of best practices Recommendations to be made

Control Objective: Manage Changes High-level control objective AI6 states:  The management system should provide for the analysis, implementation and follow-up of all changes requested and made to the existing IT infrastructure.

Manage Changes: The management system should consider the following:  Identification of changes  Categorization, prioritization and emergency procedures  Impact assessment  Change authorization  Release management  Software distribution  Use of automated tools  Configuration management

Audit Program for Change Controls Review General Processes  Through interviews, determine: who prioritizes & justifies changes how user requests are assigned to programmers how testing is performed who approves changes how edited or new programs are put into production  Adequate guidelines are established to instruct programming personnel in their duties Source: See Audit Program Change Control (Under extra readings on topics – change management)

Audit Program for Change Controls Specific Process  Completeness  Validity of changes  Adequate involvement  Access control  Emergency changes  One-time changes Source: See Audit Program Change Control (Under extra readings on topics – change management)

Audit Program for Change Controls Review System Testing for:  Testing procedures performed or checked by persons other than those involved in writing the programs  Adequate controls to prevent production files from being used in testing  Adequate testing procedures to prevent any unauthorized coding from being inserted into programs during their modifications  Existence of a structured approach to testing based on the use of test plans  Adequate supervision and segregation of testing activities Source: See Audit Program Change Control (Under extra readings on topics – change management)

Audit Program for Change Controls Review User Acceptance Testing  A user acceptance testing sign-off procedure is in place  User acceptance testing is carried out in an appropriate environment, isolated from the production system  Adequate consideration is given to the setting up of test data  There is a structured approach to testing based on the use of test plans  Parallel testing is carried out where practical  Volume testing is carried out Source: See Audit Program Change Control (Under extra readings on topics – change management)

Audit Program for Change Controls Review Testing Environment  Access to the test environment is restricted to only authorized individuals  IT testing is carried out in an appropriate environment, isolated from the production system  Adequate consideration is given to the setting up of the test data  Test environment provides an adequate representation of the production environment Source: See Audit Program Change Control (Under extra readings on topics – change management)

Audit Program for Change Controls Review Backup and Recovery  Procedures are in place to consider the impact of change on other applications or to determine need for upgrading software  Operations regularly backs up production program libraries, together with a record of changes made between back-ups  Controls to ensure proper recoverability of program libraries should a failure occur and that the recovery process introduces no errors Source: See Audit Program Change Control (Under extra readings on topics – change management)

Change Management Change Management ensures:  Standardized methods  Processes and procedures are used for all changes  Facilitation of efficient and prompt handling of all changes  Maintaining proper balance between the need for change and the potential negative impact of changes

Common Traps to avoid! 1. Misstarts Change is ill-advised and without sufficient commitment. 2. Making change an option Management asks for change instead of enforcing change 3. A focus only on process Focus on process not results for initial implementation 4. A focus only on results Focus completely on the end result with little concern for problems with change 5. Not involving those expected to implement the change Management decides on change without consulting employees 6. Delegation outside company Giving outside consultants complete power for change 7. No change in reward system If you reward employees the same way you will get the same work 8. Leadership doesn't walk the talk Leadership preaches change, but does not set the example 9. Wrong size Change is too small or big 10. No follow-through Management does not clearly define responsibility and thus the change is not executed properly Source:

Developing a Change Management Plan Raising and recording of changes Forecasting the impact, costs, benefits and risk of future changes Developing business justification and obtaining approval Managing and coordinating change implementation Monitoring and reporting on implementation, reviewing and closing change requests

Example Handout: Change Management Plan

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.