I agree. My first job was straight from college to a trainee sysprog on OS/VS1 (I knew MVT JCL and assembler). We had a contractor as the main OS/VS1 sysprog. He left instructions to me on how to install the new COBOL compiler. I followed them. They failed. While I was trying to fix the installation, the auditors needed to do a COBOL compile. When they were told that the compiler was down due to an installation error, they wrote the head of the Finance depart that I had deliberately sabotaged their audit attempt. I've despised auditors since that day. At another shop, an auditor demanded that I document every possible MVS exit and their possible use. I won that one by simply putting about 30 large manuals on his desk which contained the information for MVS, DB2, IMS, CICS, and all our CA products. Here, my order are: "Do not talk to an auditor. If they ask a question, answer exactly that question. No more and no less. Do not try to help them. They know what they want. If the! y don't ask about some area, don't say anything about it." NSA == Never Say Anything.
-- John McKown Systems Engineer IV IT Administrative Services Group HealthMarkets(r) 9151 Boulevard 26 * N. Richland Hills * TX 76010 (817) 255-3225 phone * [email protected] * www.HealthMarkets.com Confidentiality Notice: This e-mail message may contain confidential or proprietary information. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. HealthMarkets(r) is the brand name for products underwritten and issued by the insurance subsidiaries of HealthMarkets, Inc. -The Chesapeake Life Insurance Company(r), Mid-West National Life Insurance Company of TennesseeSM and The MEGA Life and Health Insurance Company.SM > -----Original Message----- > From: IBM Mainframe Discussion List > [mailto:[email protected]] On Behalf Of Jeff Holst > Sent: Tuesday, April 26, 2011 8:42 AM > To: [email protected] > Subject: Re: Mixing Auth and Non-Auth Modules > > Perhaps this is a bit off topic, but I have yet to encounter > an IT auditor I > could trust. > > At my very first job I was in a small shop running DOS on a > 360/40. The > company was scheduled for its annual outside audit. The IT > auditors typically > wanted to completely take over the machine for the days of > the IT audit. It > happened that our payroll process occurred during the period > of the audit. Our > operations manager informed the auditors that payroll > processing would take > priority over the audit if they came on those days, on any > other days they > could have the machine. Guess which days they came. We were > written up > because we did not give then dedicated use of the machine. It > was noted in > the audit report that the "uncooperative" data center manager > had since been > demoted. Not true. He had decided to return to graduate > school and was now > only able to work third shift, so he became an operator. This > was his decision, > and certainly not a demotion in the sense that the auditors implied. > > I think that when I was later in an MVS shop, our auditors > used that same > playbook, but I also think that they read slowly, as they > seemed to find one > new thing in the book each year. > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: GET IBM-MAIN INFO > Search the archives at http://bama.ua.edu/archives/ibm-main.html > > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
