Perhaps this is a bit off topic, but I have yet to encounter an IT auditor I could trust.
At my very first job I was in a small shop running DOS on a 360/40. The company was scheduled for its annual outside audit. The IT auditors typically wanted to completely take over the machine for the days of the IT audit. It happened that our payroll process occurred during the period of the audit. Our operations manager informed the auditors that payroll processing would take priority over the audit if they came on those days, on any other days they could have the machine. Guess which days they came. We were written up because we did not give then dedicated use of the machine. It was noted in the audit report that the "uncooperative" data center manager had since been demoted. Not true. He had decided to return to graduate school and was now only able to work third shift, so he became an operator. This was his decision, and certainly not a demotion in the sense that the auditors implied. I think that when I was later in an MVS shop, our auditors used that same playbook, but I also think that they read slowly, as they seemed to find one new thing in the book each year. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
