SOX SUCKS! (we have tee shirts with 'SOX SUCKS' on the front) Our productivity has gone way down. If there is a problem here is what we have to do now. And there are plenty of internal and external auditors to make sure we do the following.
1. Create a request to modify. 2. Copy the records from LIVE to DEVEL. 3. Debug the process. 4. Mod the program and correct the data records. 5. Create a user approval form. 6. Have the user sign off. 7. Have the IT manager sign off. 8. Notify the manager of programmers of the change 9. The manager of programmers notifies the system admin. 10. The system admin then moves the programs and (or) the corrected data records. 11. The system admin then notifies the IT staff of the move. 12. The programmer then notifies the user. Documentations includes screen shoots of all changes, programs, DICT, screens and records. The average doc package is about 8 pages. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steven M Wagner Sent: Friday, December 09, 2005 8:27 AM To: u2-users@listserver.u2ug.org Subject: Re: [U2] SOX question (United States only, I believe) Marc How do the programmers to customer support if they cannot look at the data in the production data-base? It would be hard to research problems if you cannot look at live data. Steve At 08:49 AM 12/9/05 -0300, you wrote: >Good Morning Charlie, >No only a US issue, but also an issue for multinationals with US home >offices. We are in Argentina and have clients that must comply and frankly >we DO separate the DBA role from the programmer role and I am in favor of >this although it is an administrative pain at times. Programmers on these >sites do not get access to the production data-base and only get read-only >to the user testing environment. >Regards, >Marc Hilbert >Pick Professional Center >Buenos Aires, >Argentina. > >----- Original Message ----- From: "Charlie Rubeor" ><[EMAIL PROTECTED]> >To: <u2-users@listserver.u2ug.org> >Sent: Thursday, December 08, 2005 6:28 PM >Subject: [U2] SOX question (United States only, I believe) > > >>When we started implementing Sarbanes-Oxley, I knew the question of why we >>don't separate the Database Admin role from the Programmer role would come >>up. Has anyone on this list been able to provide a satisfactory answer to >>the auditors, without spending a lot of time explaining the benefits of an >>MV database? >> >>Charlie Rubeor >>Unix/Database Administrator >>Wiremold/Legrand >>60 Woodlawn Street >>West Hartford, CT 06110 >>Tel: 860.233.6251 x3498 >>Fax: 860.523.3690 >>Email: [EMAIL PROTECTED] >>Internet: www.wiremold.com >> >>[demime 1.01d removed an attachment of type image/jpeg] >>------- >>u2-users mailing list >>u2-users@listserver.u2ug.org >>To unsubscribe please visit http://listserver.u2ug.org/ >------- >u2-users mailing list >u2-users@listserver.u2ug.org >To unsubscribe please visit http://listserver.u2ug.org/ ------ Steven M Wagner [EMAIL PROTECTED] Cary, North Carolina, United States of America ------- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/ ------- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/