John McKown wrote: >Have IT management "risk accept" they way you need. Then tell the auditors >that. Auditors do not have any authority beyond what management gives them.
Agreed. Actually, as Ted always said, auditors only recommends. They cannot enforce. >This assumes management has tener cojones. Spanish for 'having the courage'/'have the balls'. ;-) See http://en.wikipedia.org/wiki/Cojones for background info. When working with auditors and managers, you need all the courage [1] to work with them... ;-) Groete / Greetings Elardus Engelbrecht [1] - In a galaxy far far away on a very lonely planet full of hungry aliens some centuries ago, I have a really hard time to convince auditors and management that I don't need no stinking ADSP in RACF. ;-) ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
