RE: OT - SarBox paranoia prevention ?

  • From: "David Wendelken" <davewendelken@xxxxxxxxxxxxx>
  • To: <oracle-l@xxxxxxxxxxxxx>
  • Date: Sat, 19 Feb 2005 19:17:16 -0500


1) Auditors are hired by management, not dbas.

2) Auditors want to keep the people who hire them happy.

3) Making life a pain in the butt for anybody but management will keep
management happier.

4) Duh.

And, if memory serves, way back when software was first going into banks,
didn't some programmer funnel the fractional pennies of the interest
calculations into a private account?

And programmers often program in back-doors to subvert security procedures.

Those could only be caught with a walkthru the code.  Change control
wouldn't stop it by someone authorized to work on the program.

But the auditors are probably too ignorant to figure that one out.



Other related posts: