To minimize the impact of audit and other assurance activities on operational systems and business processes, it's crucial to plan and agree on these activities between the tester and appropriate management. Guidelines for this include controlling the scope of technical tests, and limiting tests to read-only access whenever possible. Audit tests that could affect system availability should be scheduled outside business hours, and all access should be monitored and logged for audit purposes.
Reviews and other verification actions e.g. during audits, that target data systems, must be planned in advance and agreed with the appropriate testers and management. This aims to minimize the impact of actions on operational processes.
When planning practices, the following points must be taken into account: