| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> RE: Sox Poll
Kafka would be amused.
Conspiratorial fraud between senior management and auditing firms led directly to the Sarbanes-Oxley regulations passing.
Now, external audit reports by auditing firms are mostly transparent
consulting cash generating projects that focus on making life difficult for
IT departments. Not one single SEC investigation I am aware of has anything
to do with unethical behavior by DBAs or development staff; yet most of the
focus
of SarBox audits is on locking development out of production by scaring
senior management about who has the keys and encouraging them to believe
they cannot trust their own employees.
<craft your own Mogens-like phrase about being glad to be in partial ownership of a consulting firm.>
Now, for what it is worth, I do support the notion that production DBAs should sign similar agreements of confidentiality and fiduciary responsibility as those signed by those in the payroll, human benefits, and finance departments. Most of the external audit reports I've seen try to claim that DBAs either do not understand the business or are not trustworthy, or both. If that is they case, your company is already toast anyway. Far too many companies and auditors are confused about what a DBA is and too lightly assign that title to folks who are at most database operators rather than administrators.
Regards,
mwf
-----Original Message-----
From: oracle-l-bounce_at_freelists.org
[mailto:oracle-l-bounce_at_freelists.org]On Behalf Of Jared Still
Sent: Sunday, October 31, 2004 1:41 AM
To: bspears_at_limitedbrands.com
Cc: oracle-l_at_freelists.org
Subject: Re: Sox Poll
I don't have to request the system password, but do have to request the password for the application accounts on the servers.
We have personal logins with admin rights on the servers. The point of this is being able to audit who did what, and if someone has the password, who it is/was.
Jared
On Fri, 29 Oct 2004 10:39:00 -0400, Spears, Brian
<bspears_at_limitedbrands.com> wrote:
>
> Ok, let me put it clearer... DBA's not beening allowed to have the system
> password. They must request it from a separate group to do changes. I am
> hearing of other dba's having to do this. I know we haven't only because
no
> one suggested it yet. We are having to do some real interesting
contortions
> to get stuff done.
>
> Brian
>
> -----Original Message-----
> From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org]
> On Behalf Of Spears, Brian
> Sent: Friday, October 29, 2004 10:06 AM
> To: oracle-l_at_freelists.org
> Subject: Sox Pole
>
> Just wondering if Sarbanes Oxley has reduced people to getting permission
> for the system password each time from Operations to be able to sign into
> the production databases? Some real crazy stuff coming out of this.
>
> Brian
>
> --
> http://www.freelists.org/webpage/oracle-l
>
> --
> http://www.freelists.org/webpage/oracle-l
>
-- Jared Still Certifiable Oracle DBA and Part Time Perl Evangelist -- http://www.freelists.org/webpage/oracle-l -- http://www.freelists.org/webpage/oracle-lReceived on Sun Oct 31 2004 - 11:31:28 CST
 |
 |