🔄 Change Management
🧭 Planning:
Reviewed change logs and tickets from both routine and emergency changes.
🎯 Objectives:
-
Confirm changes are properly approved, tested, and documented
-
Validate segregation of duties and backout planning
📌 Procedures:
-
Sampled 20 change tickets
-
Assessed test plans, CAB approvals, and rollback procedures
-
Reviewed 3 emergency changes for proper documentation
📑 Working Papers:
-
WP-ITGC-CM001: Change control sample analysis -
Change calendar, ticket system (ServiceNow)
📊 Findings:
-
❗ 2 changes lacked formal testing
-
❗ 1 emergency change was undocumented
-
⚠️ No audit trail for one CAB decision
🧰 Tools Used:
ServiceNow, CAB minutes, testing evidence
✅ Recommendations:
-
Enforce mandatory documentation for emergency changes
-
Require dual approval for high-risk changes
-
Archive CAB meetings and minutes in central repository
