Governance, Risk & Compliance Advisory Blog

Insights on best practices related to IT Audit & Compliance

An Industry Perspective on the Evolving Role of IT Auditors

June 27, 2010 02:27 by author nirav

The role of information technology (IT) control and audit has become a critical mechanism for ensuring the integrity of information systems (IS) and the reporting of organizational finances to avoid and hopefully prevent future financial embarrassments. In the early days, IT auditing (formerly called electronic data processing (EDP), computer information systems (CIS), and IS auditing) evolved as an extension of traditional auditing. At that time, the need for an IT audit function came from several directions:

• Auditors had realized that technology can aid in the audit assessment
• Corporate and information processing management recognized that computers were key resources for competing in global markets
• Professional associations and organizations, and government entities recognized the need for IT control and audit ability

Initially, auditors with IT audit skills were viewed as the technological resource for the audit staff. The audit staff almost always used them to get technical assistance. However, with the passage of time and, more importantly, with the growth of technology, this attitude has changed. The IT auditor's role has evolved to provide assurance that adequate and appropriate controls are in place. However, it remains management's responsibility to ensure that the controls are in place. The audit's primary role is to provide a statement of assurance as to whether adequate and reliable internal controls are in place and are operating in an efficient and effective manner. Therefore, whereas management is to ensure, auditors are to assure.

Today, IT auditing is a profession with conduct, aims, and qualities that are characterized by worldwide technical standards. It requires specialized knowledge and practicable ability, and often long and intensive academic preparation. Growth in technology has once again contributed, providing the IT auditor with a better theoretical and empirical knowledge base for the IT audit function. Owing to the rapid diffusion of computer technologies and the ease of information accessibility, knowledgeable and well-educated IT auditors are needed to ensure that effective IT controls are in place to maintain data integrity and manage access to information. Organizations today operate in a dynamic, global, multi-enterprise environment with team-oriented collaboration and place very stringent requirements on the telecommunications network. The design of such systems is complex and management can be very difficult. Organizations are critically dependent on the timely flow of accurate information. This means that the products for which IT provides consumer feedback will also be of high quality, rich in information content, and come packaged with a variety of useful services to meet the changing business conditions and competition. This is also a key area in which an IT auditor, through his audit reports, provides key insights to top management.

Going forward, IT auditors will have to act as change agents and provide assurance to management on the controls implemented. They will need to have expert knowledge about IT risks and controls, and to be effective, they need to be business-savvy, able to engage with top management, and proactive in initiating IT governance programs.



Industry Best Practices for Change Management Implementation

June 19, 2010 06:29 by author nirav

Change Management is all about successfully handling or managing the entire change that has to be implemented. The change may be taking place, or be expected to take place, in day-to-day applications, corporate strategy, or even in people. The importance of change management cannot be overemphasized. Change Management is an IT Service Management discipline. The main aim of Change Management is to ensure that there are standardized methods and procedures to roll out change to the IT infrastructure in any organization. This helps to reduce the impact of any related incidents upon service. A well-implemented change management process should highlight the levels of risk caused by any change to the IT infrastructure and help change planning so that the implementation is successful.

Let’s look at some of the industry best practices that define a good Change Management Process:

1. Policy Communication: One of the first steps for any change management implementation is to ensure that all change management policies, procedures and standards are clearly spelt out and communicated throughout the organization. Also lay out the roles and responsibilities for all the personnel who would be a part of the change management process.

2. Issue Management: Enhancement requests and bug reports (for development projects) should be captured and submitted to the business for review. All enhancements must follow a predefined change management process. As simple as it may sound, it is really the basics that often get ignored, and that can lead to large-scale repercussions.

3. Request Analysis: All requests for change should be analyzed. The analysis should be done by the Change Approval Board (more popularly known as the CAB). While analyzing any change request, the CAB should take into account the significance of the change to the business as well as the cost impact of the change. The likelihood of a successful change implementation should also be taken into account.

4. Change Planning: However crucial the change request may be, it is always advisable to plan for any change roll out. It is advisable and also standard industry practice to conduct emergency CAB meetings for crucial or high priority changes. Once the change is approved, document the input and output parameters, and try to identify the owners affected, the business impact, the reason for the change, success factors, testing results, and a back out plan in case the change implementation is not successful.

5. Post Implementation Review and Closure: Rolling out a change does not by itself close the change request that came in. It is also essential to monitor the change over a certain period of time in order to ensure that it has stabilized and has well and truly been embedded into the IT infrastructure as part of ongoing operations.

Though a change management process may sound pretty simple, most organizations falter in getting the basics right. Ad hoc and random changes made to the IT infrastructure can cause more harm and grief than even worms and virus attacks. A well-designed change management process can actually help the organization's support team respond faster to customer requests. It helps organizations control and mitigate the impact of any changes and also reduces the negative impact on day-to-day operations.
Change planning helps reduce organizational downtime and unsuccessful implementations. Importantly, it encourages best-practices thinking within the organization and can complement the organization in meeting its strategic objectives.



Disclaimer

The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.
