A careful patch management process should be the goal for every IT manager who wants certainty and accountability for the distribution of security updates across all computers and servers on their network. Leaving the patch management process to the automatic updates that run according to manual settings in the operating system is a risk in a corporate setup, because it creates the possibility that some computers will not receive updates. The automatic patch management process can be overridden by the end user, and even where group policies restrict those settings and prevent their modification, there is no record of whether or not the patches were successfully installed on the computer.
There are various reasons that patch installation can fail. Sometimes only an individual patch has a problem on one computer while the others install as expected. Without a patch management process that includes the ability to centralize deployments and, more importantly, to maintain logs of the patches that are applied to individual machines, these failures go unrecorded. This is where the accountability aspect comes into play: a patch management process that is run from a centralized patch solution will flag failed updates and can even notify you when a failure takes place. A failed update is not necessarily an emergency, but a service request can be created to eventually dispatch a help desk technician to diagnose the problem with the update installation.
This attention to the patch management process will result in a cleaner body of computers and tighter all-around security. Computers without current patches are a security risk and are not acceptable on a corporate network. In keeping with most security policies, a comprehensive and closely followed patch management process will provide a safe and secure computing experience.