Acing an Audit
Posted Monday, January 28, 2013 9:23 PM


SSC-Dedicated

Comments posted to this topic are about the item Acing an Audit






Follow me on Twitter: @way0utwest

Forum Etiquette: How to post data/code on a forum to get the best help
Post #1412742
Posted Tuesday, January 29, 2013 6:59 AM
Valued Member

I totally agree that companies should have processes in place that keep them audit-worthy (not to mention more secure in general) at all times. My group is partly there - in SQL Server, we are pretty much always audit ready. I haven't been able to understand why our Oracle environments aren't. It's utter chaos for weeks leading up to an audit every single time.

And how reliable are those audit results, anyway? The audits should be looking at day to day processes, not giving people a heads-up weeks or months in advance to get themselves up to standard when they're lagging behind the rest of the year.
Post #1413025
Posted Tuesday, January 29, 2013 9:30 AM
SSCrazy

Nice piece, and valuable information about a process that builds the right processes.

M.


Not all gray hairs are Dinosaurs!
Post #1413140
Posted Tuesday, January 29, 2013 10:23 AM


Ten Centuries

I would estimate that at least 20% of processes we have running and the resulting data generated are there exclusively to satisfy PCI and ISO audits.





The probability of survival is inversely proportional to the angle of arrival.
Post #1413180
Posted Sunday, February 3, 2013 3:27 AM
Forum Newbie

In my experience the priority placed on financial and accounting audit functionality beyond what is required is driven by the industry they are in... i.e. insurance, banking, etc.

I question your thought about companies swaying their focus from what they excel at to focusing too much on home-grown systems. As any system integrator has experienced, more often than not scalability and integrations can become problematic. Usually can't get away from some level of modifications though, and in my experience the large enterprises have a mixture (for better or worse it keeps us employed).

Thanks!
Post #1415003
Posted Sunday, February 3, 2013 10:45 AM


SSC-Dedicated

I agree with what I believe the premise of the article to be. If you have to actually spend any significant time preparing for an audit beyond setting up a couple of computers for the auditors to use, then you're doing something fundamentally wrong to begin with. Most things having to do with audits just aren't rocket science and, as Steve said in the article, are things that folks should be doing anyway.

By the way, my favorite "spec" for doing things the right way is "MIL-TP-41". It's the basis of all other specs whether they be ISO, ANSI, SEC, PCI, SOX, or whatever and is applicable to all industries. It means "Make It Like The Print For Once". It doesn't suppress the ability to think outside the box or innovate or to react quickly to an emergency because "The Print" should have plans even for that.


--Jeff Moden
"RBAR is pronounced "ree-bar" and is a "Modenism" for "Row-By-Agonizing-Row".

First step towards the paradigm shift of writing Set Based code:
Stop thinking about what you want to do to a row... think, instead, of what you want to do to a column."

(play on words) "Just because you CAN do something in T-SQL, doesn't mean you SHOULDN'T." --22 Aug 2013

Helpful Links:
How to post code problems
How to post performance problems
Post #1415034