Skip to main content Skip to office menu Skip to footer
3 golden objects Minnesota Legislature

Office of the Legislative Auditor - Financial Audit Division

Report Summary
Office of MNIT Services
Information Technology Change Management Controls

 

Financial Audit Division Report 18-01 Released January 10, 2018

Background

Changes to government systems are necessary to help agencies meet evolving business needs, address new compliance requirements, and fix security vulnerabilities. Closely managing changes is extremely important because all changes pose risks to the stability of highly-complex systems and the availability of critical government services.

Organizations that manage complex technology systems typically adopt strict change management processes. These processes help technology leaders understand and manage risk while making carefully planned changes to systems. The overarching goal of change management is to minimize the impact of change-related incidents.

Conclusion

MNIT Services had generally adequate change management controls. The agency had adequate policies and standards, and changes that we tested followed those standards. However, disparate change management software products and processes may increase the likelihood of change-related failures and prolonged service outages. We also found that MNIT lacks key controls to detect unauthorized changes.

Audit Findings

  • Disparate change management software products and processes increase the likelihood of change-related failures and prolonged service outages.
  • MNIT lacks key controls to detect unauthorized changes.

More Information

Office of the Legislative Auditor, Room 140, 658 Cedar St., St. Paul, MN 55155 : legislative.auditor@state.mn.us or 651‑296‑4708