This is one of the most critical processes and impacts validation up one side and down the other.  Done poorly, this can cause havoc.  In terms of validation, this process must be well defined and rigorously followed.

Validated State

It is not possible to keep an application in a validated state without proper change management.
At the point a software application goes into formal testing (which could be the point at which validation efforts begin as with commercial software or earlier with commissioned or internally-developed software), the system is considered baselined.

After baseline, changes are only allowed to the system if they are approved and the release managed.

Risk Analysis

When a change is needed to baselined code, the proposed change needs to be assessed for impact on the risk analysis, the impact on requirements, the impact on the architecture / design, as well as the impact on the code.

Once approved, controls need to be in place to only enable the authorized changes to be made.
Software developers have a bad habit of opening up the code, seeing something that could be done better, and making changes that “don’t cause any issues.”