KEMBAR78
Audit Report For System Development and Change Management | PDF
Scribd
Upload
58 views1 page

Audit Report For System Development and Change Management

The audit report for XYZ University evaluates the System Development and Change Management processes, highlighting strengths such as a well-documented SDLC and a formal Change Advisory Board. However, it identifies risks including lack of security testing for minor updates and absence of rollback plans for major changes. Recommendations include implementing automated security testing, requiring rollback plans, and enforcing strict change approval procedures, with a follow-up audit suggested in six months.

Uploaded by

kuriaaustine125
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
58 views1 page

Audit Report For System Development and Change Management

The audit report for XYZ University evaluates the System Development and Change Management processes, highlighting strengths such as a well-documented SDLC and a formal Change Advisory Board. However, it identifies risks including lack of security testing for minor updates and absence of rollback plans for major changes. Recommendations include implementing automated security testing, requiring rollback plans, and enforcing strict change approval procedures, with a follow-up audit suggested in six months.

Uploaded by

kuriaaustine125
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 1

Audit Report for System Development and

Change Management
(Education Sector)

1. Audit Overview

 Institution Name: XYZ University


 Audit Date: [Insert Date]
 Audit Team: [Names of Auditors]
 Scope: Review of System Development and Change Management for SIS, LMS, and
Administrative Systems
 Compliance Standards: FERPA, ISO 27001, NIST

2. Audit Findings

2.1 Strengths Identified

✅ Well-documented SDLC process with clear version control


✅ Formal Change Advisory Board (CAB) approves changes
✅ Comprehensive user training program before system rollouts

2.2 Risks & Issues Identified

❌ Lack of security testing for minor system updates


❌ No rollback plan for major changes, increasing risk of downtime
❌ Some system changes bypass formal approval due to time constraints

3. Recommendations for Improvement

🔹 Implement automated security testing as part of the CI/CD pipeline


🔹 Require a rollback plan for all major changes to minimize service disruptions
🔹 Enforce strict change approval procedures to reduce unauthorized modifications

4. Conclusion & Next Steps

The System Development and Change Management process in the education sector is
generally well-structured but requires enhanced security controls and improved compliance
enforcement. The audit team recommends a follow-up audit in six months to review the
implementation of suggested improvements.

You might also like