I agree with what I believe the premise of the article to be. If you have to actually spend any significant time preparing for an audit beyond setting up a couple of computers for the auditors to use, then you're doing something fundamentally wrong to begin with. Most things having to do with audits just aren't rocket science and, as Steve said in the article, are things that folks should be doing anyway.
By the way, my favorite "spec" for doing things the right way is "MIL-TP-41". It's the basis of all other specs whether they be ISO, ANSI, SEC, PCI, SOX, or whatever and is applicable to all industries. It means "Make It Like The Print For Once". :-P It doesn't suppress the ability to think outside the box or innovate or to react quickly to an emergency because "The Print" should have plans even for that.
is pronounced ree-bar and is a Modenism for R
First step towards the paradigm shift of writing Set Based code: Stop thinking about what you want to do to a row... think, instead, of what you want to do to a column.
If you think its expensive to hire a professional to do the job, wait until you hire an amateur. -- Red Adair
How to post code problemsHow to post performance problemsForum FAQs