Steve Thompson's reply about lawyers got to me to look at this bit about auditors. Do auditors ~ever~ shoot the survivors? In my experience, both internal and external auditors report to management; it is management who decide whether to fix the problem or sign off on the risk.
I don't think I'm prejudiced in this. My degree is in Accounting, but I have never worked in anything but computer jockery of various kinds. Well, wait, on two occasions I worked a one-week IT audit, supplementing the audit team as a mainframe SME. (Auditors generally understand networks, but are helpless on mainframes.) But that's all. Those two occasions do match what you say about running years-old procedures, though. Although from what I can remember, the checklist on RACF security that they gave me to follow was fairly complete. --- Bob Bridges, robhbrid...@gmail.com, cell 336 382-7313 /* 'I Love Lucy' left here years ago and has gone past a few thousand stars. Only the nearby stars have seen 'The Simpsons.' The earth is brighter than the sun at television frequencies. -SETI astronomer Dan Werthimer */ --- On 2/9/2023 9:25 AM, Tom Longfellow wrote: > ....my opinion of Auditors is pretty low. They just come in. Rerun > procedures and checks developed in the 70's and published in a book. With > no regard for the real world functions of the systems. And then they go to > the battlefield and "Shoot the survivors" ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
