IT Change Management Controls are integral to ensuring the completeness, accuracy, integrity and privacy of data. A robust change management process provides management with assurance only authorized and tested changes to systems and infrastructures are implemented. As such, the audit or compliance professional must have a solid understanding of the corresponding controls and IT operations best practices. In this course, attendees learn how to ensure proper controls have been identified and implemented to ensure data integrity and adequately protect corporate assets, company trade secrets and customer data.      

Change within the IT environment is often a requirement of business operations. Without the ability to effectively manage change, a company could experience system outages, loss of data and/or data integrity issues. Unauthorized or untested modifications can provide the opportunity for a security breach that could result in not only negative publicity but also regulatory sanctions. During this course, attendees will become familiar with the components of a proper change management program that ensures standardized procedures are applied to all modifications.

Additionally, we discuss opportunities to identify how the change management process can be made more effective and ensure requested changes are safe prior to deployment.  Lastly, we walk through policy and procedure analysis, review sample logs and discuss test procedures that can be performed to verify controls are in place. 


Learning Objectives
  • Explore IT Change Control Compliance Requirements and Best Practices.
  • Discover the best practices related to Change Management Processes.
  • Recognize audit procedures performed when auditing the Change Management Process.
  • Identify audit documentation methodologies and requirements.
Last updated/reviewed: March 26, 2024

Included In Certifications

This course is included in the following Certification Programs:

10 CoursesInformation Technology Auditor Certification

  1. Understanding Information Technology Governance and the Application of NIST
  2. Performing a Security Risk Assessment
  3. Auditing Data Security IT Computer Controls
  4. Auditing Third Party Service Providers and Cloud Environments
  5. Auditing Automated Business and Financial Transaction Processes
  6. Auditing Logical Security and Logical Access Controls
  7. Auditing Change Management
  8. Auditing the Network
  9. The Importance of Incident Response, Disaster Recovery and Business Continuity Planning
  10. Information Technology Audit Summary
11 Reviews (43 ratings)


Anonymous Author
I thought this was a great course. It covered a lot of topics I am familiar with but was a great refresher and helped me consider some things I hadn't before. I

Anonymous Author
Good overview of change management controls to help a beginner auditor understand concepts and importance of properly testing and documenting test results.

Anonymous Author
very good topical overview of the change managemet process with practical examples and considerations of risk why do we care

Anonymous Author
The training was refreshing. Nothing surprised me. This training will be beneficial to new Auditors.

Member's Profile
Simple training and straight to the point! Nicely done on both the content and delivery.

Member's Profile
Very informative and useful information. Thanks for providing tangible examples!

Anonymous Author
It was a good overview of what is important when you audit change controls

Anonymous Author
The course was very useful to understand Auditing Change Management.

Anonymous Author
Very good course. I recommended it to beginner IT auditors.

Anonymous Author
thank you for the course it was very informative. well done

Anonymous Author
Good course, well structured. A good learning venue.

Course Complexity: Intermediate

No advanced preparation or prerequisites are required for this course.


Education Provider Information
Company: Illumeo, Inc., 75 East Santa Clara St., Suite 1215, San Jose, CA 95113
Contact: For more information regarding this course, including complaint and cancellation policies, please contact our offices at (408) 400- 3993 or send an e-mail to .
Instructor for this course
Course Syllabus
  Introduction to Auditing Change Management0:56
  Change Control Requirements10:05
  Change Control - The Audit7:25
  Auditing the Change Request Document11:41
  Change Request Template - Examples7:09
  Unit Test Plan7:00
  Documenting the process for Completing a Change6:04
  Auditing the Specification Document6:56
  Additional Change Control Audit Steps4:18
Continuous Play
  Auditing Change Management1:01:34
Supporting Materials
  Slides: Auditing Change ManagementPDF
  Workbook: Change Control TestXLXS
  Workbook: Change RequestXLXS
  Workbook: End User TestXLXS
  Workbook: Unit TestXLXS
  Auditing Change Management Glossary/IndexPDF
Review And Test