Now that most companies have gone through at least one round of SOX, I'm wondering what everyone's assessment of the auditor's understanding of the database environment is.
I've found them to concentrate on the compiled executables of the client applications, but not think much about the unencrypted business logic that resides in stored procedures and triggers in the database environment. In our case, they seem to think of databases as only data storage, and don't consider how powerful and immediate the environment really is.
There's probably a mosaic of responses depending on what auditor companies have had, but I'm curious what everyone's experience has been.
We walk in the dark places no others will enter
We stand on the bridge and no one may pass