Related Posts
Additional Posts in IT Audits/Assurance
New to Fishbowl?
Download the Fishbowl app to
unlock all discussions on Fishbowl.
unlock all discussions on Fishbowl.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Download the Fishbowl app to unlock all discussions on Fishbowl.
Copy and paste embed code on your site

Scan your QR code to download
Fishbowl app on your mobile

It’s not new guidance and falls in the realm of best practice. I get the sense that there is some sort of regulatory requirement your IA team is basing this on. For instance in SOX you do want to document all changes including routine changes that affect any systems involved in financial reporting. However, policy is policy so there should be some alignment between that and procedure which is a compliance test that external auditors may perform. Ask your IA team what’s driving the request and have them explain the rationale with you. If the tracking of all changes will cause an impact to your team then let them know - there may be other controls in your matrix that can compensate.
What does the change management policy say about this?
The change management policy does not require it