Automating Change Management to Ease Compliance Efforts
(Click here to register for a FREE webinar on this topic)
Failures in the area of Change Management have grave and far-reaching consequences. It has been widely recognized that poor Change Management practices can result in a failure to meet service commitments, but have you considered the impact if a poorly managed change affects your compliance efforts as well? This can put an organization in a precarious position involving audits and result in a negative public image.

Change Management is high in the list of IT priorities in 2008. Over the past decade, companies have been tackling Change Management for IT in a variety of ways. While most enterprises have taken steps to establish and refine Change Management procedures, more can be done. And the importance of doing so is not simply a management issue, but one of compliance with security, regulatory and audit provisions. No company can afford to take Change Management lightly.

Compliance refers to adhering to a variety of policies and measures for IT. It is often expressed in the context of security policies, yet it equally addresses policies that deal with adherence to regulatory requirements. IT governance, or running IT as a business, involves risk management, portfolio management, productivity and measuring financial results for IT investments. Change Management plays a role in both compliance and governance from an audit perspective and operationally to ensure that all changes meet established policies and the provisions for related regulations.

The adoption of process models such as ITIL plays a big role in Change Management evolution. Process models help IT to define "how it will manage itself as a business." Management technology offered by many solution providers now support the leading process models. Yet, many companies are not taking full advantage of opportunities to automate and integrate.

Controlling Change

Change Management, the service desk, workflow systems and the Configuration Management Database (CMDB) are all closely linked. Leveraging the value of each discipline and taking advantage of automated systems and pre-configured tools and templates is a great way to get started (or mature) in managing the Change process.

What kinds of issues arise with Change Management? As the table below illustrates, common themes are related to difficulty handling emergency changes to material systems, unauthorized changes and problems dealing with security and unauthorized access. Other concerns of particular interest to auditors tend to focus on answering the questions; did the work get completed as planned; why was the approved request not completed; and why was there no request for a particular change?

Costs and Impacts of Not Managing Change

The key to meeting many of these challenges is tight control on the Change Management process. There may be loopholes in approval procedures or in the Change Management guidelines. Reporting and tracking can also be a limitation due to insufficient automation in change management solutions and a lack of capabilities for tracking change history.

Some specific areas to address in managing the change process are:

Evolving Change

As organizations evolve and regulations continue to change, IT has no choice but to be more proactive in evaluating its existing methodologies, to address accountability for corporate executives and meet increasing legal demands. Defining a Change Management process needs to be done in the context of regulatory and business process constructs in your enterprise and there really is no right or wrong way to do it.

Corporations can look to published guidelines such as ITIL, but in the end, the specific steps involved will relate to a particular organization’s needs. Perhaps the most important recommendation to make is that a "closed-loop" process be created with review on a periodic basis.

Many steps can be taken to address Change Management in a step-by-step manner. Overall, enterprises should aim to reduce the number of unapproved changes and changes that collide with one another due to poor visibility. A focus on potential service impact is critical. Automated workflow engines can help to reduce the cycle time to review by delivering change request details to individuals promptly. These same systems can be used to improve efficiencies in validating less critical changes as well as documenting the audit trail for all changes.

Summary

While the job can be daunting, Change Management is a place where IT professionals and their management teams can gain real traction with the right toolsets. Using automation to jumpstart and streamline these processes, those responsible for Change Management are in a position to significantly support the business gain credibility for IT. The keys to be able to do so are effective use of toolsets and automation combined with investment in the area of best practices.

Want to learn more about using automated changed management to help enforce regulatory compliance?

Related programs

Related articles