If ever we create a Jira, it seems to me Paul's comments should be taken into 
account.

Jacques

On 21/05/2014 16:05, Paul Mandeltort wrote:
Always a difficult question - where do you draw the line between systemic 
controls vs. training?

At the minimum if we don’t have a security provision, we should have proper 
auditing of when a PO receipt is backdated or postdated, so someone can figure 
out

While I wasn’t around for the initial decisions to make the dates not editable, 
in a large organization this could potentially have drastic results for other 
users in the organization.

The scenario I can imagine (and has happened in my org before) is a purchase 
order contract dispute. Since purchase orders are legal contracts (at least in 
the USA), there is a potential if a PO is received late, and there is not a 
proper record of when the PO was received by the company, that you run into a 
problem.

My organization, for example, doesn’t use OFBiz’s inbound package tracking 
functionality (too complicated and slow).

Yeah, better training and supervision would fix this problem, but the reality 
is that most organizations would overlook a little thing like this, especially 
if the default old behavior changes between upgrades.

Having it available just at a supervisor level at least mitigates that problem. 
Or at least stubbing it so it’s easy to figure out where to add the security 
control would be a good start.

--Paul
----------
Paul Mandeltort  |  Marco Specialties Inc
+1-512-394-8119  |   [email protected]

On May 21, 2014, at 7:15 AM, Pierre Smits <[email protected]> wrote:

Paul,

Are you sure you would add complexity to a system to provision for
avoidance of laziness? It is better to improve business processes and
procedures to flesh such behaviour out of the organisation.

Regards,

Pierre Smits

*ORRTIZ.COM <http://www.orrtiz.com>*
Services & Solutions for Cloud-
Based Manufacturing, Professional
Services and Retail & Trade
http://www.orrtiz.com


