Change is a common feature of the IT world. It is important that effective control procedures are in place to ensure that only authorised changes are made to IT systems. Not only is there scope for the accidental or deliberate inclusion of unauthorised code (the so called Trojan horse or time bomb) but change involves a degree of risk and it is necessary to ensure, for example, that the right version of software is actually implemented. Formal change control systems are necessary to ensure that changes to application software, systems software, and even IT hardware, are adequately tested, authorised and moved to live production in a controlled manner. .