I am surprised by all the differing methodologies for being SOX compliant. 
For data fixes we have an audit-approved process as below.

1.  All changes must be requested from the user.  Artifact: User Request 
(Can be a hard copy of an email.)
2.  LIST.ITEM hard copy of the data before the change.
3.  Change data item using a self-documenting change utility.  Must be 
assigned to User Request and associated with a Root Cause Form that's on 
file.
4.  LIST.ITEM hard copy of the data after the change.
5.  Notify user of data fix and how the user can verify the change is 
correct. (Mini Test Plan.  Can be hard copy of an email.)
6.  User approval.  (Can be hard copy of an email.)
7.  IT Manager approval.

Program changes (unless deemed an emergency) are much more artifact 
intensive.  (Formal Specs, Spec Change Requests, Test Plans, Cross 
Testing, Management Approvals of all, etc...)

Yes, productivity has gone down but accountability is way up.  It also 
makes the users think about requests rather than just asking for 
shoot-from-the-hip development.  (I don't know exactly what I want, but 
I'll know it when I see it.)


Gordon J. Glorfield
Sr. Applications Developer
MAMSI (A UnitedHealth Company)
301-360-8839

[EMAIL PROTECTED] wrote on 12/09/2005 09:13:00 AM:

> SOX SUCKS! (we have tee shirts with 'SOX SUCKS' on the front)

> Our productivity has gone way down. If there is a problem here is 
> what we have to do now. And there are plenty of internal and 
> external auditors to make sure we do the following.

> 1. Create a request to modify.
> 2. Copy the records from LIVE to DEVEL.
> 3. Debug the process.
> 4. Mod the program and correct the data records.
> 5. Create a user approval form.
> 6. Have the user sign off.
> 7. Have the IT manager sign off.
> 8. Notify the manager of programmers of the change.
> 9. The manager of programmers notifies the system admin.
> 10. The system admin then moves the programs and (or) the corrected 
> data records.
> 11. The system admin then notifies the IT staff of the move.
> 12. The programmer then notifies the user.

> Documentation includes screenshots of all changes, programs, 
> DICT, screens and records.  The average doc package is about 8 pages.

[snip]

