From the course: Building a Data-Driven Audit

Unlock this course with a free trial

Join today to access over 24,600 courses taught by industry experts.

Fieldwork and change management

Fieldwork and change management

- Winding down our zoolilly.com saga, we already mentioned that the employee's access to the systems code was appropriate and that's how they managed to initiate the scheme. But shouldn't there have been some kind of control in place to prevent them from making nefarious changes to critical systems? The answer is yes, there should have been. Let's talk about change management controls. There are a few main components to change management when it comes to making changes to a systems code. You should be testing all changes in a separate environment dedicated to testing. All changes that need to be made to a system need to go through an approval process. And most importantly, that approver should be someone separate from the person that developed and or tested the change. The purpose of testing change management controls is to ensure that all changes to systems, software, or configurations are properly authorized, tested, and documented before implementation. Some ways to go about…

Contents