Compliance maturity and SOX spends are very well known issues. And, while the trend is definitely positive with the number of SOX experts that we have today, most companies still find themselves in a SOX fire in the first year of compliance. Many still expend enormous amount of effort on their compliance programs in the initial two years. SOX audits multiple IT processes. But due to their very nature, some processes such as Change Management and User Access provisioning get most impacted. SOX compliance of these processes often calls for dedicated effort, additional investments, and process re-engineering.

This paper presents best practices and practical solutions that significantly contribute to an organized and effective Change Management compliance program. It borrows from the authors' experience and is targeted at change management process owners and compliance professionals to help them streamline their SOX efforts, and thus reduce compliance fires and expenditure.

Mrunmayi Atre is a certified ITIL Practitioner in Change, Configuration and Release Management, and is also COBIT foundation certified. Her experience includes ITSM process consulting, compliance management and audits, process implementation and management of IT infrastructure projects.

Subbarao Chaganty is a Certified Six Sigma Green Belt and a certified Practitioner in Change and Release Management. His experience includes developing and implementing ITSM process solutions for global organizations. He has mentored several Green Belt projects during his tenure.