So if you're use to working with triggers, you know how to take the trigger off the file, do the dirty deed, then put the trigger back on.
The bottom line of SOX is that someone "in authority" is ultimately responsible for the accuracy of the financial reports that get published, there-by giving stock holders/analysts/purchasers some kind of assurance that the numbers they use to base their financial decisions on are accurate. All of this is to provide a "CYA" shield for those that rely on others to provide them accurate information. SOX is a good thing, in spite of the complexity it causes, but a bottom line understanding needs to be propagated up the chain of command that any programmer worth his/her salt, can get into the system, probably without being detected, to change data or programs regardless of their title or job duties. SOX is a lock and locks are only there to keep the honest people honest. I was once given a task to change a selection of data so that it includes two weeks instead of one week. It took me three days to jump through all the hoops to document changing a number from 7 to 14 in a procedure record. Guess we all have to decide how we react to more government requirements. BobW -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gordon J Glorfield Sent: Friday, December 09, 2005 1:55 PM To: u2-users@listserver.u2ug.org Subject: [ ] - RE: [U2] SOX question (United States only, I believe) - Found word(s) list error in the Text body That why we have triggers on our basic program files and on the voc. If you do copy something from dev to live, it will show up in the logs. Then your supervisor comes to you not in a very genial mood. You then have to end up doing the paperwork anyway. Gordon J. Glorfield Sr. Applications Developer MAMSI (A UnitedHealth Company) 301-360-8839 [EMAIL PROTECTED] wrote on 12/09/2005 02:38:04 PM: [snip] > The thing that always cracks me up is that all one has to do in a U2/PICK > environment is to create q pointers to the main account from the test > account. You can look and even modify without having access to that account > unless it is locked down by logon at the OS level, which I have yet to find > and as a consultant I have worked on several 'sox compliant' boxes. > You can even compile a program in the test account, and then copy that to > the main account via q pointers as long as you copy the voc pointer as well. > You have to be sure you get the right path for the object code, but that's a > piece of cake, and then the sox auditors would have absolutely no way of > finding out who did what if you just delete the q pointers when you're done. > Not that I would do such a thing (because I get paid by the hour and the > more complicated the procedure the longer it takes), but it is possible. > fwiw, > Allen E. Elwood www.tortillafc.com [snip] This e-mail, including attachments, may include confidential and/or proprietary information, and may be used only by the person or entity to which it is addressed. If the reader of this e-mail is not the intended recipient or his or her authorized agent, the reader is hereby notified that any dissemination, distribution or copying of this e-mail is prohibited. If you have received this e-mail in error, please notify the sender by replying to this message and delete this e-mail immediately. ------- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/ ------- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/