I was recently shopping for some tax preparation software, and I noticed that all of the products boasted new and enhanced audit support and/or audit risk meters to reduce the buyer's chances of getting audited.
I paused to imagine what it would be like if every time my Windows administrators were about to make a change they could run an "audit risk meter" to check for errors or determine the risk of doing something that was against my change management policy. I have a feeling I would have a lot fewer unauthorized changes and production errors. Better yet, if I wanted to verify that all of the Windows patches were tested and approved, I could go to the "audit support center" to pull the information.
Actually, the concept of an audit risk meter or audit support center is exactly what most of us need to keep our change management process honest. Most of us have spent a lot of time developing a process. If we don't ensure that it is followed, then we will never reap the rewards.
So how do you build an audit support center? Here are three steps to set up an audit process to keep your change management process honest:
Evaluate the process to define the scope
It is important that your audit support center is founded on and appropriately supports your change management process. Review your process and determine the key elements.
Here are a few examples of key elements in a change management process:
If the key elements are operating effectively, then your process is accomplishing its design purposes.
Collect the supporting information
With your key elements in mind, ask yourself this question: "Where does the information reside?" Typically, it is buried in a system log, registry, Active Directory object or configuration. Once you have figured out where the source is, you can begin to leverage a multitude of scripts, tools and products to facilitate the periodic and ongoing collection of the information.
For example, a weekly report detailing all users in the domain admin group would help me quickly assess if I have unauthorized users with access to make changes. Here are some of my favorite tools. Some are better than others, depending on your needs, environment and budget:
By using scripts and other reporting options, you can easily automate the collection of this information. Create or leverage an existing document repository location to store the information you are collecting – this will be the backbone of your audit support center.
Check for errors and make corrections
Now it is time to run your "audit risk meter." Take your key process elements and compare them with what you have collected from the production environment.
Does the information you are collecting support your defined process? If not, reevaluate either your process or the information you are collecting. Correct your errors and repeat the process.
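As an added illustration (not code from the original article), here is one way to script the weekly domain admin report mentioned earlier and the compare step described above. The function name, account names and change ticket ids are hypothetical, and the membership snapshot is constructed sample data so the script runs without a domain.

```powershell
# Added example. Accounts and ticket ids are constructed; function name is hypothetical.
# In production, collect $current from the ActiveDirectory module instead:
#   Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
#       Select-Object -ExpandProperty SamAccountName
function Compare-GroupToBaseline {
    param(
        [Parameter(Mandatory)] [string]   $GroupName,
        [Parameter(Mandatory)] [object[]] $Approved,  # SamAccountName + ChangeTicket
        [string[]] $Current = @()                     # names collected from production
    )
    # Hashtable literals compare string keys case-insensitively, like AD account names.
    $byName = @{}
    foreach ($a in $Approved) { $byName[$a.SamAccountName] = $a }
    $seen = @{}
    foreach ($name in $Current) {
        $seen[$name] = $true
        $ticket = ''
        if (-not $byName.ContainsKey($name)) {
            $status = 'Unauthorized'            # member with no approval on record
        } else {
            $ticket = $byName[$name].ChangeTicket
            if ([string]::IsNullOrWhiteSpace($ticket)) {
                $status = 'ApprovedNoTicket'    # approval cannot be traced to a change
            } else {
                $status = 'Approved'
            }
        }
        [pscustomobject]@{ Group = $GroupName; Account = $name; Status = $status; ChangeTicket = $ticket }
    }
    # Approved accounts that are no longer members: the baseline itself is stale.
    foreach ($a in $Approved) {
        if (-not $seen.ContainsKey($a.SamAccountName)) {
            [pscustomobject]@{ Group = $GroupName; Account = $a.SamAccountName
                               Status = 'ApprovedButAbsent'; ChangeTicket = $a.ChangeTicket }
        }
    }
}
# Constructed sample data
$approved = @(
    [pscustomobject]@{ SamAccountName = 'adm-jlee';    ChangeTicket = 'CHG-0001' }
    [pscustomobject]@{ SamAccountName = 'adm-mgarcia'; ChangeTicket = 'CHG-0002' }
    [pscustomobject]@{ SamAccountName = 'adm-legacy';  ChangeTicket = '' }
)
$current = 'ADM-JLEE', 'adm-legacy', 'svc-backup'
$report = Compare-GroupToBaseline -GroupName 'Domain Admins' -Approved $approved -Current $current
$report | Sort-Object Status, Account | Format-Table -AutoSize
# Anything not 'Approved' is a finding to correct or to reconcile with the process.
$findings = @($report | Where-Object Status -ne 'Approved')
"{0} finding(s) for review" -f $findings.Count
```

Piping `$report` to `Export-Csv -NoTypeInformation` with a dated file name keeps each week's result in the repository alongside the other collected evidence.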
With your audit support center established, you can proactively monitor your change management process and prepare yourself for an outside audit.
Russell Olsen is the CIO of a Healthcare Technology company and has previously worked for a Big Four accounting firm performing technology risk assessments and Sarbanes-Oxley audits. Olsen is a CISA, GSNA, and MCP.