IT Internal Controls for the Internal Controls?
Helmet provides safety for the rider; helmet locked to motorcycle to prevent helmet theft

IT Internal Controls for the Internal Controls?

Andrew Michael Turner Andrew Michael Turner

Andrew Michael Turner

Published Sep 7, 2018
+ Follow

Putting access controls on the release docket 

Having the list of all projects included with a major production release is an internal control used to protect the release. Risks are observed early, a release planning meeting can be called with appropriate people, and everything is transparent. But who can add an entry to that list of projects? By restricting write access to only Project Leads and Scrum Masters - one further reduces release risk. Developers are wonderful (I was a full-time developer for many years and I still code a bit) but only a Lead/Manager should be including (listing) production changes. A change may require testing beyond what is performed by the developer, or a change may not be appropriate for a given release, and we often need to communicate to others in advance (by the way… we are fixing that bug Thursday night so your phone representatives no longer should ‘talk around the bug’ starting Friday)

In summary, having access controls around who can put projects on the release docket is a good internal control, for an internal control



To view or add a comment, sign in

More articles by Andrew Michael Turner

  • Considering Federal Employment
    Aug 26, 2023

    Considering Federal Employment

    A few years ago, I switched to federal government work after working over thirty years in the corporate space. Perhaps…

    1 Comment
  • Thank you!
    Mar 9, 2019

    Thank you!

    Having completed many years on a job - I was left with a few boxes of stuff. With my new job starting the next day -…

    1 Comment
  • Performance Testing - 3 Things to Know
    Dec 22, 2018

    Performance Testing - 3 Things to Know

    Like to share what I learned doing load and performance testing. It's one thing to script and run the test, it's quite…

  • The Great Disruption
    Apr 28, 2017

    The Great Disruption

    Sometimes great disruptions are necessary to achieve great things. I was working on a big NASA contract with CSC to…

  • Strengthening The Ends - Software Release Management
    Dec 3, 2016

    Strengthening The Ends - Software Release Management

    Your home's foundation and roof define the integrity of your house. The foundation is the starting point and the roof…

  • I'm not doing business with just anyone
    Sep 24, 2016

    I'm not doing business with just anyone

    I've been discussing the Wells Fargo news with friends recently. Some are concerned if they may have been cheated while…

    1 Comment
  • Thank you, Alvin Toffler, Information Age Visionary
    Jul 4, 2016

    Thank you, Alvin Toffler, Information Age Visionary

    Alvin Toffler (October 4, 1928 – June 27, 2016) sparked our interest in technology with his books Future Shock and The…

  • Who is Watts Humphrey? An American Software Engineer
    Jan 28, 2016

    Who is Watts Humphrey? An American Software Engineer

    While clearing out and donating many of my old books - I came across one which avoided the bin. It had a plain blue…

  • Help, This Code Doesn't Work (Tip #5)
    Dec 19, 2015

    Help, This Code Doesn't Work (Tip #5)

    Study Great Code! One of the ways people learn a craft is to watch experts do the craft. Watching a painter teaches one…

  • Which IT Job Do You Like Best?
    Nov 15, 2015

    Which IT Job Do You Like Best?

    How does one figure out which IT job they are best suited for? Below are some guidelines to help with your decision…

See all articles

Explore content categories