On Tue, 6 Jan 2009 20:37:06 +0000, Ted MacNEIL <[email protected]> wrote:
>... >>> 2. Auditors don't approve; they report on compliance. > >>Maybe that's how it works where you live. It is different elsewhere. > >True auditors just report on compliance. >SME's define. >Compliance officers enforce. > >Anything else is not a true separation of duties and is a conflict of >interest. >... I guess our mangement forgot to read the definitions. And come to think of it, that has been true in every shop I've seen. Audits, especially external audits, carry a lot of weight. The enforcement does not come from the auditors, but the audits do not seem to be questioned. And the audit groups seem to have their own SME which in some cases really stretch the definition of "expert". Pat O'Keefe ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
