Over the years we have heard rumours that some of the people who mysteriously disappeared from the company ("Did they jump or were they pushed?") were 'let go' for improprieties with company funds or materials. Never -major- events from anything the rumour mill published, but enough to be noticed.
One enabling reason (IMHO) is that due to a big push for efficiency, we downsized the personnel base so that many people wore many hats-- including power to cut a PO, authorize the check, print the check, delete the PO, delete reference to the check, etc. etc.
So now the big push is to automate the controls-- one person can still wear all of the hats, but there has to be a detailed audit trail, complete with manual review and oversight at some point in the process, to prevent those nasty little sneaky things from happening.
IT -did- pass its audit (barely, with just a little song and dance number, but we passed), and we were -so- proud because some other departments didn't. Nyah! Does SOX create interdepartmental animosity? So far, it's all been good-natured...
And IT is the savior when it comes to implementing new automatic controls. Companies that are forced to hire people to implement the controls are definitely at a disadvantage compared with companies that have IT departments that understand the systems and can implement the controls.
There's just one slight detail that no one has mentioned... and I hope the auditors never think about it... A Security Officer has access to -everything- on the system-- every file, every document-- everything. That's why we have every change to production data in writing, signed by a manager, and stacked in nice neat rows so we can prove someone -else- said it was OK!
TIME magazine had an interesting thought about IT controls years ago. One author said, "Ideally, the first step in securing the system is to shoot the programmer."
--Paul E Musselman Paulmmn@xxxxxxxxxxxxxxxxxxxx
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page.