[email protected] (Jeff Holst) writes: > I think that when I was later in an MVS shop, our auditors used that same > playbook, but I also think that they read slowly, as they seemed to find one > new thing in the book each year.
when corporate came in for audit of SJR datacenter in the early 80s ... there was big dustup with the auditors over demo programs (aka "games") ... which should be eliminated from every system ... as not a "business use". Corporate had gone thru a cycle where the 3270 logon screen had "For Business Use Only" added. We managed to have that changed to "For Management Approved Use Only" ... where games actually served a very useful purpose ... giving people exposure to significantly better human interface experience ... that was hardly common in the period. We also used the argument that eliminating public games ... would just drive them underground with each person having private disguised versions. 6670s (copier3 with computer interface added) were appearing in every departmental area for distributed computer output. the 6670 driver had been modified to include a randomly selected quote on the separator pages. part of the audit was off-hours sweep of all the distributed printers ... looking for sensitive output that was left out/unattended. In one of the areas, the auditors found an output separator page with the following quote: [Business Maxims:] Signs, real and imagined, which belong on the walls of the nation's offices: 1) Never Try to Teach a Pig to Sing; It Wastes Your Time and It Annoys the Pig. 2) Sometimes the Crowd IS Right. 3) Auditors Are the People Who Go in After the War Is Lost and Bayonet the Wounded. 4) To Err Is Human -- To Forgive Is Not Company Policy. ... snip ... the next day, the auditors tried to escalate an issue that we were purposefully ridiculing them. In the wake of Enron, congress passed sarbanes-oxley that significantly increased audit requirements and penalties. A few years ago I was at a financial conference in europe of european corporate CEOs and exchange presidents ... major theme was that the (significant) SOX audit requirements and costs were leaking out into the rest of the world. There was semi-humorous reference to the country hosting the conference on sunday cnn gps program http://globalpublicsquare.blogs.cnn.com/2011/04/24/rent-the-country-of-liechtenstein-for-70k-a-night/ My position was that the increased audit requirements wouldn't make any significant dent in fraud (was more likely just a full-employment favor to the audit industry by congress) and possibly only significant part of SOX was section on informants. It turns out that apparently GAO also thot something similar and was doing reports of review of public company financial filings showing uptick in fraudulent filings after SOX (problem with both the audits and SEC enforcement). In congressional testimony by the person that had tried for a decade to get SEC to do something about Madoff, there was mention that tips turn up 13 times more fraud than audits and SEC didn't have a tip hotline, but had a 1-800 line for companies to complain about audits. -- virtualization experience starting Jan1968, online at home since Mar1970 ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
