Acing an Audit


Steve Jones
Comments posted to this topic are about the item Acing an Audit

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
Dizzy Desi
I totally agree that companies should have processes in place that keep them audit-worthy (not to mention more secure in general) at all times. My group is partly there - in SQL Server, we are pretty much always audit ready. I haven't been able to understand why our Oracle environments aren't. It's utter chaos for weeks leading up to an audit every single time.

And how reliable are those audit results, anyway? The audits should be looking at day to day processes, not giving people a heads-up weeks or months in advance to get themselves up to standard when they're lagging behind the rest of the year.
Miles Neale
Nice piece, and valuable information about a process that builds the right processes.

M.

Not all gray hairs are Dinosaurs!
sturner
I would estimate that at least 20% of processes we have running and the resulting data generated are there exclusively to satisfy PCI and ISO audits.

The probability of survival is inversely proportional to the angle of arrival.
nopeqwerty123
In my experience the priority placed on financial and accounting audit functionality beyond what is required is driven by the industry they are in... i.e. insurance, banking, etc.

I question your thought about companies swaying their focus from what they excel at to focusing too much on home grown systems. As any system integrator has experienced, more often than not scalability and integrations can become problematic. Usually can't get away from some level of modifications though, and in my experience the large enterprises have a mixture (for better or worse it keeps us employed).

Thanks!
Jeff Moden
I agree with what I believe the premise of the article to be. If you have to actually spend any significant time preparing for an audit beyond setting up a couple of computers for the auditors to use, then you're doing something fundamentally wrong to begin with. Most things having to do with audits just aren't rocket science and, as Steve said in the article, are things that folks should be doing anyway.

By the way, my favorite "spec" for doing things the right way is "MIL-TP-41". It's the basis of all other specs whether they be ISO, ANSI, SEC, PCI, SOX, or whatever and is applicable to all industries. It means "Make It Like The Print For Once". :-P It doesn't suppress the ability to think outside the box or innovate or to react quickly to an emergency because "The Print" should have plans even for that.

--Jeff Moden

RBAR is pronounced ree-bar and is a Modenism for Row-By-Agonizing-Row.
First step towards the paradigm shift of writing Set Based code:
Stop thinking about what you want to do to a row... think, instead, of what you want to do to a column.
If you think it's expensive to hire a professional to do the job, wait until you hire an amateur. -- Red Adair
