On Tue, 6 Jan 2009 20:52:55 +0000, Ted MacNEIL wrote: >Most, if not all, auditors are bound by confidentiality agreements. >So, they can only report to the higher ups. > >... >And, in most companies, they cannot enforce anything, only report.
I don't suppose you have any data to support those assertions, do you? While I agree with you that auditors *should* only report compliance, that is certainly not always the case. I have been in environments where management was afraid to challenge the auditors. As a result, the auditor's word was law. I have also been in environments where it was the auditors who made the rules because no one else knew what the rules should be. Of course, neither did the auditors. I know that there others on this list who have had similar experiences. Perhaps that's the subject of yet another survey. -- Tom Marchant ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html