On Tue, 6 Jan 2009 15:25:57 -0600, Tom Marchant <m42tom- ibmm...@yahoo.com> wrote:
>While I agree with you that auditors *should* only report compliance, that >is certainly not always the case. > >I have been in environments where management was afraid to challenge the >auditors. As a result, the auditor's word was law. BTDT, GTTS. >I have also been in environments where it was the auditors who made the >rules because no one else knew what the rules should be. Of course, neither >did the auditors. BT2, GTTS. >I know that there others on this list who have had similar experiences. Indeed. Also been in shops where everyone but the auditors did the most / all of the auditors job for them, because the particular breed did not even know how to spell MVS (OS/390, z/OS, etc.). How reliable is the audit when the department being audited collects all the evidents and presents to the auditor to prove compliance? Maybe that's what got Satyam in trouble... >Perhaps that's the subject of yet another survey. Perhaps. Art Gutowski Ford Motor Company ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html