Control Intelligence

Change Management

Change request, approval, testing, and deployment controls for financial systems.

Sub-Process Score
71/ 100
Adequate
12/14 responses received
View AI AnalysisBack

Control Objectives (2)

IT-CM-01
COSO P11ICFR.ITGC.CM.01IIA IV.10.2
Changes to in-scope systems follow a documented change management process.
Risk: Unauthorized or untested changes disrupt financial systems.
Assessment Questions (3)
  • 01Every production change has a ticket with approval and test evidence.
  • 02Developers cannot push directly to production (SoD).
  • 03Emergency change procedure exists and post-change review is performed.Document
IT-CM-02
COSO P11ICFR.ITGC.CM.02IIA IV.10.2
Database schema changes and data migrations are reviewed by a DBA before deployment.
Risk: Unreviewed schema changes corrupt financial data or break reporting.
Assessment Questions (2)
  • 01Database changes require DBA or senior developer sign-off.
  • 02Rollback scripts are prepared and tested for data migrations.