This article provides an overview and summary of the COBIT 5 process Manage Changes, which is part of the Management – build (Build, Acquire, Implement) domain.

The purpose of this COBIT 5 process is to manage all changes in a controlled manner, including standard changes and emergency changes impacting organisation processes and IT services. This includes change standards and procedures, impact analysis, prioritisation and authorisation, emergency changes, tracking, reporting, closure and documentation. The goal is to ensure fast and reliable delivery of changes to the organisation in a minimised risk and stable manner.

The following sub-governance processes are further supported by a list of control activities:

  1. Evaluate, prioritise and authorise change requests. Evaluate all requests for change to determine the impact on the organisation processes and IT services.
  2. Manage emergency changes. Carefully manage emergency changes to avoid failed changes and resulting in incidents.
  3. Track and report change status. Implement a tracking and reporting system to document all changes – planned, in progress, successfully completed, rejected, failed etc.
  4. Close and document the changes. Once changes are implemented ensure all records are documented.

For more information please contact Morland-Austin at