>Well, I suppose one could say that they report on how well you comply with 
>-their- requirements. 

That's the point.
It's not their requirements; it's those determined by the company, through 
SMEs.

>One could also say that auditors don't approve. They do insist, though, and 
>report perceived transgressions to your customers as heinous crimes against 
>humanity.   

Most, if not all, auditors are bound by confidentiality agreements.
So, they can only report to the higher-ups.

1. You are giving them too much authority.
2. You are giving them too few ethics.

If you were working as a consultant, setting up/fixing a system, would you 
report the 'stupid' configs to their customers, as 'heinous crimes against 
humanity'?

Yes, auditors can be a PITA, but they are a necessary 'evil'.
And, in most companies, they cannot enforce anything, only report.

-
Too busy driving to stop for gas!

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
