Open Changes Auditing Risks

Discuss and debate ITIL Change Management issues
Post Reply
User avatar
justahunk
Newbie
Newbie
Posts: 2
Joined: Mon Sep 24, 2018 8:00 pm

Tue Sep 25, 2018 3:45 pm

Hey all,
while conducting an internal audit I've noticed that we have a problem with changes remaining open and change tasks remaining open, well after their planned end date. I don't know if the changes were successful, rolled back, caused issues, etc. because change owners are not completing the change and answering out post implementation review questions.

I know this is not good, but I'm looking to bring some ammunition to leadership about the risks associated with leaving these changes open and not knowing their status. Can anyone think of some general risks that would arise from this practice. Thanks!


User avatar
UKVIKING
ITIL Expert
ITIL Expert
Posts: 3636
Joined: Fri Sep 15, 2006 8:00 pm
Location: London, UK

Fri Sep 28, 2018 5:42 am

Justahunk

part of the Change Manager's role is to MANAGE the Change Requests.

If you are the Change Manager, it is YOUR responsibility to ensure that the Change Request is processed and moved in accordance with your Policy, Process and procedures/work instruction.

If you are not, try discussing this with the Change Manager and ASSIST them if they need it
John Hardesty
ITSM Manager's Certificate (Red Badge)

Change Management is POWER & CONTROL. /....evil laughter
User avatar
justahunk
Newbie
Newbie
Posts: 2
Joined: Mon Sep 24, 2018 8:00 pm

Fri Sep 28, 2018 2:14 pm

Yes I am the change Manager.

I am accountable for the change process being followed, however I am not responsible for closing changes or managing each step along the way. That is the responsibility of the change owner.

I've recognized there is an issue with change owners not following our process and therefore want to correct the issue. As a matter of making senior leadership aware of the issue and have them buy into the idea of ensuring their direct reports and their teams are closing changes it is important to present the risks associated with leaving these open.

I have several points to address specific to our organization but I'm looking to see if anyone can think of more basic ways this issue could impact an organization. I'm just looking to bring as much ammunition as possible to my audit findings. Thanks again.
User avatar
UKVIKING
ITIL Expert
ITIL Expert
Posts: 3636
Joined: Fri Sep 15, 2006 8:00 pm
Location: London, UK

Sat Sep 29, 2018 7:52 am

Justahunk

You are responsible for the ENTIRE Change Management Process - as you have clearly stated.

So, the issue is that the teams dont do their follow thru.

Is there a policy stating what the process is and did Snr mgmt agree to this ?
If so, work with the teams' management to get the teams to finish their process

Meanwhile, report these as Process failures and point to the teams to your mgmt.

Is there internal or external auditing of your process ?

There is nothing mor ethan you can do.

We had the same issue We did the following

wrote policy and defined responsibiliies
Wrote procedures and defined rrsponsibilities.
Got the mgmt - common senior mgmt and specific teams to sign off

After we failed a couple of Internal audits; the snr mgmt put pressure on the teams because the company did not want to fail an external audit.

I dont know where in the management hierarchy the CM team is situated in relation to the implementation teams

Finally,

as part of the senior mgmt sign off - unauthorised changes were cause for disciplinary actions.


If that has been agreed, then you need to declare that if the change is not updated within 2-3 business days of the implementation, the change will be declared an Unauthoirised change

That and not approving the change - by yourself - without agreement from the mgmt of the implementation team that the change will processed IAW procedures as part of the implemenation process.

A change Manager can not let the teams walk over their process.

You have to be strict and fair but you also must have senior mgmt abacking
otherwise

my advice is leave as it will get worse w/o snr mgmt support
John Hardesty
ITSM Manager's Certificate (Red Badge)

Change Management is POWER & CONTROL. /....evil laughter
Post Reply