BAI06.01 Evaluate, Prioritize, and Authorize Change Requests

Set up formal change management procedures to handle all requests (including maintenance and patches) in a standardized manner.

Illustrative Controls and the TIBCO LogLogic Solution

Managing changes addresses how an organization modifies system functionality to help the business meet its financial reporting objectives. Deficiencies in this area might significantly impact financial reporting. For example, changes to the programs that allocate financial data to accounts require appropriate approvals and testing before the change is implemented, to ensure classification and reporting integrity.

Businesses must ensure that requests for program changes, system changes, and maintenance (including changes to system software) are standardized, documented, and subject to formal change management procedures.

To satisfy this control objective, administrators must review all changes to the production environment and compare the changes to documented approvals to ensure the approval process is followed. From the archived audit log data, obtain a sample of regular and emergency changes made to applications or systems to determine whether they were adequately tested and approved before being placed into a production environment. Trace the sample of changes back to the change request log and supporting documentation.

Review all changes to the production environment and compare them to documented approvals, using alerts and reports on policy modifications, group activities, escalated privilege activities, and permission changes.

Reports and Filter Bloks

Use the following link or reference to see the BAI06.01 reports and filter bloks: TIBCO LogLogic Reports and Filter Bloks for Sarbanes-Oxley and COBIT 2019.