Others have argued: > > See the thing is, we're letting the auditors drive this thing. > > Auditors don't drive this. Auditing is basic procedures plus > statistical sampling of transactions ...
*** No, no, no, that's what financial auditors do, not I.T. auditors. The word "auditor" is an overloaded descriptor, referencing either a financial auditor or an I.T. auditor, which are two very different animals. Financial auditors examine financial transactions and financial controls, and they verify samples of data. I.T. auditors look at the software that produces and uses that data, and look at how the software is controlled, and they also look at physical control of I.T. hardware. ** The Sarbanes-Oxley act specifically mandates both kinds ** ** of auditing, both financial auditing and I.T. auditing. ** The I.T. audits aren't much like financial audits. Instead, they are much like ISO-9000 audits, and require excruciatingly detailed documentation of I.T. quality assurance (or at least QA-ish) policies and procedures. As with ISO-9000, the costs of becoming compliant may be high, but sometimes there are good benefits. For instance, some I.T. departments which were scrambling to become compliant with SOX audits have found themselves accidentally becoming more compliant also with the SEI-CMM (Software Engineering Institute's Capability Maturity Model). *** The information contained in this e-mail message may be privileged and confidential information and is intended only for the use of the individual and/or entity identified in the alias address of this message. If the reader of this message is not the intended recipient, or an employee or agent responsible to deliver it to the intended recipient, you are hereby requested not to distribute or copy this communication. If you have received this communication in error, please notify us immediately by telephone or return e-mail and delete the original message from your system. ------- u2-users mailing list [EMAIL PROTECTED] To unsubscribe please visit http://listserver.u2ug.org/
