Re: SOX Reporting Requirement
- From: Frits Hoogland <frits.hoogland@xxxxxxxxx>
- To: "david.barbour1@xxxxxxxxx" <david.barbour1@xxxxxxxxx>
- Date: Thu, 28 Aug 2014 19:40:14 +0200
If you actually look at what is in SOX itself, you might be surprised. There is
no implementation description.
In my experience the audit requirements which the auditor requests are most of
the time based on the imagination of the auditor.
Hint: you might want to ask where the requested implementation is specifically
detailed black on white.
Frits Hoogland
http://fritshoogland.wordpress.com
frits.hoogland@xxxxxxxxx
Office : +31 20 5939953
Mobile: +31 6 14180860
(Sent from my iPhone, typo's are expected)
> Op 28 aug. 2014 om 17:05 heeft David Barbour <david.barbour1@xxxxxxxxx> het
> volgende geschreven:
>
> Morning,
>
> I was wondering how others might be handling the SOX reporting/auditing issue
> we've been assigned.
>
> The audit folks want to know when DML occurs on a particular table and the
> original and new value(s). I've implemented FGA on the table and can capture
> the change. Using the transaction ID, I can then go back to the
> flashback_transaction_query and get the original values. Of course, the only
> guarantee of being able to pull the undo sql containing the original values
> is that the query is performed before the undo retention expires.
> Pre-supposing I have a job that queries dba_fga_audit_trail and grabs the
> undo in time, what might happen next? I was thinking of storing the values
> in a table created specifically for this purpose. Then I'd probably create a
> view to generate the report.
>
> I'd appreciate any other ideas or refinements. This is a pretty busy
> database and I've got to be careful bumping undo retention too high. I'm
> undoubtedly missing something .............
--
//www.freelists.org/webpage/oracle-l
Other related posts:
