Sunday, July 27, 2008

Risks associated with business and IS/IT change

It is of value to review the data and/or procedures before and after making changes in business, IS/IT to avoid the following risks:

a. Reliance on systems or programs that are inaccurately processing data, processing inaccurate data, or both.

b. Unauthorized access to data that may result in destruction of data or improper changes to data, including the recording of unauthorized or nonexistent transactions or inaccurate recording of transactions.

c. Unauthorized changes to data in master files.

d. Unauthorized changes to systems or programs.

e. Failure to make necessary changes to systems or programs.

f. Inappropriate manual intervention.

g. Potential loss of data.

If we are to make change, to avoid those risks, have the surest way to succeed. The necessary information is to be considered. Thus it is not a good judgment to be in hurry to make change. Plan the action and make sure of it. Have a copy or backup of the data, systems and programs. If it is inevitable, wait until you can afford the risks involved.

Below is the site where the risks above were identified: http://www.isaca.org/Template.cfm?Section=Home&CONTENTID=16274&TEMPLATE=/ContentManagement/ContentDisplay.cfm