RE: Sox Poll

  • From: "Mark W. Farnham" <mwf@xxxxxxxx>
  • To: <oracle-l@xxxxxxxxxxxxx>
  • Date: Sun, 31 Oct 2004 12:34:30 -0500

Kafka would be amused.

Conspiratorial fraud between senior management and auditing firms led
directly to the Sarbanes-Oxley regulations passing.

Now, external audit reports by auditing firms are mostly transparent
consulting cash generating projects that focus on making life difficult for
IT departments. Not one single SEC investigation I am aware of has anything
to do with unethical behavior by DBAs or development staff; yet most of the
focus of SarBox audits is on locking development out of production by scaring
senior management about who has the keys and encouraging them to believe
they cannot trust their own employees.

<craft your own Mogens-like phrase about being glad to be in partial
ownership of a consulting firm.>

Now, for what it is worth, I do support the notion that production DBAs
should sign similar agreements of confidentiality and fiduciary
responsibility as those signed by those in the payroll, human benefits, and
finance departments. Most of the external audit reports I've seen try to
claim that DBAs either do not understand the business or are not
trustworthy, or both. If that is the case, your company is already toast
anyway. Far too many companies and auditors are confused about what a DBA is
and too lightly assign that title to folks who are at most database
operators rather than administrators.

Regards,

mwf

-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx
[mailto:oracle-l-bounce@xxxxxxxxxxxxx]On Behalf Of Jared Still
Sent: Sunday, October 31, 2004 1:41 AM
To: bspears@xxxxxxxxxxxxxxxxx
Cc: oracle-l@xxxxxxxxxxxxx
Subject: Re: Sox Poll


I don't have to request the system password, but do have to
request the password for the application accounts on the servers.

We have personal logins with admin rights on the servers. The
point of this is being able to audit who did what, and if someone
has the password, who it is/was.

Jared


On Fri, 29 Oct 2004 10:39:00 -0400, Spears, Brian
<bspears@xxxxxxxxxxxxxxxxx> wrote:
>
> Ok, let me put it clearer... DBAs not being allowed to have the system
> password. They must request it from a separate group to do changes. I am
> hearing of other DBAs having to do this. I know we haven't only because no
> one suggested it yet. We are having to do some real interesting contortions
> to get stuff done.
>
> Brian
>
> -----Original Message-----
> From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx]
> On Behalf Of Spears, Brian
> Sent: Friday, October 29, 2004 10:06 AM
> To: oracle-l@xxxxxxxxxxxxx
> Subject: Sox Pole
>
>  Just wondering if Sarbanes Oxley has reduced people to getting permission
> for the system password each time from Operations to be able to sign into
> the production databases? Some real crazy stuff coming out of this.
>
> Brian
>
> --
> //www.freelists.org/webpage/oracle-l


--
Jared Still
Certifiable Oracle DBA and Part Time Perl Evangelist