Abstract:

General information technology controls include controls related to information systems that must be adequately designed and implemented to support critical business processes. They commonly include controls over change management (i.e., system change controls) and ensure the effective implementation of changes in the information technology environment. Alarming facts within the literature point to inadequacies in change management practices, particularly the evaluation of system change controls in organizations. Research efforts have resulted in various methodologies developed to tackle the assessment of system change controls. Nevertheless, these methodologies identify weaknesses that can prevent an effective assessment and, ultimately, adequate selection of those controls. This research proposes a novel approach using Grey Systems Theory that quantifies the importance of each system change control considering organizations’ goals and objectives. Through a case study, the approach is proven successful in providing a way for measuring the quality of system change controls based specifically on organizations’ criteria.