For systems to do their job, they need to adapt constantly. Changes are made daily. Tracking those changes is a core requirement of monitoring your business, and is required by most regulations and standards. Do you know which users are making these changes? Do you know what has changed? Where are you today regarding the risk of fraud or misstatement, versus where you were yesterday? How do you know you are reviewing all the changes? How do you communicate to audit that you are comfortable with what has changed? How do you handle the risk that remains?
In this session, we will discuss how to determine your overall risk profile, how to get your hands around the transactions falling within that risk profile, and what to do with that information once you have it. We will discuss your options regarding approaches and tools, and how to communicate to your auditors once you have an approach. You will leave with more confidence in your knowledge and ability to scope, audit, and communicate around security change management.