I implemented this at a customer a couple of years ago. That's essentially what we did, though. There is some direct integration with Remedy now, so you must put in a ticket number with a job run, but I don't know if that gets you anything here.
The one issue will be that even if there is an associated change found in Remedy, you still need to investigate, because you don't know for sure that that job actually made the detected change. You can make a best guess, but that's about it.
Did you use the change tracking scripts with SNMP traps as the incident trigger or did you actually go the reporting to BAO route?
We are taking the approach that if any change request was active, we suppress the incident. Obviously, some unauthorized changes can fall through the cracks. If someone opens a change request to install a patch, and they install the patch and a new bit of software, we would still detect the change as authorized. However, I expect this will catch the vast majority of unauthorized changes.
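The suppression rule described in that post (an active change request covering the host at the time of the detected change suppresses the incident; anything else raises one), written out as an added example that is not part of this thread or of any vendor product. Record layouts, hostnames, paths and ticket numbers are constructed; suppressed hits keep the matched tickets so they can still be reviewed, since a covering ticket is only a best guess that the job made this particular change.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass
class ChangeRequest:
    """One change-management ticket (constructed layout, not a Remedy schema)."""
    ticket: str
    host: str
    start: datetime
    end: datetime
    status: str          # e.g. "active" or "closed"

@dataclass
class DetectedChange:
    """One change-tracking hit on a host (constructed layout)."""
    host: str
    path: str
    detected_at: datetime

def matching_requests(change, requests):
    """Change requests that were active on the same host when the change was seen."""
    return [
        cr for cr in requests
        if cr.host == change.host
        and cr.status == "active"
        and cr.start <= change.detected_at <= cr.end
    ]

def classify(change, requests):
    """Suppress the incident if any active request covers host and time; else raise it.
    A suppressed change still lists the matched tickets: a covering ticket only shows
    that some authorized work was in progress, not that this file was part of it."""
    matched = matching_requests(change, requests)
    if matched:
        return {"action": "suppress", "tickets": [cr.ticket for cr in matched]}
    return {"action": "incident", "tickets": []}

# Constructed sample data for a stand-alone run (ticket ids are placeholders).
REQUESTS = [
    ChangeRequest("CRQ-PLACEHOLDER-1", "web01", datetime(2024, 3, 1, 22, 0), datetime(2024, 3, 2, 2, 0), "active"),
    ChangeRequest("CRQ-PLACEHOLDER-2", "db01", datetime(2024, 3, 1, 22, 0), datetime(2024, 3, 2, 2, 0), "closed"),
]
CHANGES = [
    DetectedChange("web01", "/etc/ssh/sshd_config", datetime(2024, 3, 1, 23, 15)),  # inside window
    DetectedChange("web01", "/usr/local/bin/agent", datetime(2024, 3, 2, 5, 0)),    # after window
    DetectedChange("db01", "/etc/passwd", datetime(2024, 3, 1, 23, 15)),            # request not active
]

if __name__ == "__main__":
    for c in CHANGES:
        print(c.host, c.path, classify(c, REQUESTS))
```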
I used the SNMP to BAO route, as that's what was available at the time.