>>Auditors neither make rules, nor enforce them. >I wish. They come armed with checklists that have no connection to actual >requirements.
Yes. But. In theory, they should not be creating those lists. Nor should they be enforcing them. All they can do is document where you are not following them. It's up to corporate compliance officers to enforce. Also, you have the right to rebut(t). Auditors are not that scary. Creating, documenting, and enforcing standards are three duties that MUST be separate duties. Anything else is a conflict of interest. Whatever happened to Arthur Anderson? Prime example! - -teD 300,000 Kilometres per Second Not only is it a good idea! It's the LAW!!! ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html