× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. BPCS-L
  3. April 2004

RE: 'HANKY PANKY'

Milt 

Are you suggesting that to end journaling is more difficult than
removing physical file triggers? 

Any auditing software worth a dime will be aware when its monitoring
capabilities have been circumvented. DataThread, which uses either
journals or triggers, has extensive self correcting functionality. This
includes immediate notification to supervisory personnel when auditing
is disabled. 

Vendor self interest aside for a moment, I agree with you that there is
growing requirement for better controls over the enterprise database,
fueled by regulations such as Sarbanes-Oxley, HIPAA, 21 CFR Part 11,
ANNEX 11, and Gramm-Leach-Bliley. It is more efficient and cost
effective to implement a uniform, configurable and feature rich tool for
these kinds of requirements, instead of creating disparate audits as
each requirement presents itself. 

Cheers
Ardi 


Ardi Batmanghelidj 
Principal - Business Development 
Innovatum, Inc. 
ardibatman@xxxxxxxxxxxxx 
Direct Line: 978 443 1304 
Main Office: 877 277 3016 


-----Original Message-----
From: bpcs-l-bounces@xxxxxxxxxxxx [mailto:bpcs-l-bounces@xxxxxxxxxxxx]
On Behalf Of Milt Habeck
Sent: Wednesday, April 07, 2004 2:48 PM
To: BPCS user community
Subject: 'HANKY PANKY' caught with Stitch-in-Time software 

Al, Stitch-in-Time Data Integrity Software puts an end to the
"hanky panky" you wrote about. The product looks for 
exactly the kind of internal control problem you described: 

               audit security stuff turned OFF, 
                        hanky panky done, 
            then turn the security back ON again.

That tactic will trick audit software that relies on triggers
 ... but ... it will not escape Stitch-in-Time's gaze.

Stitch-in-Time catches irregular activities of this 
kind ... it even catches someone smart enough to think
that they can defeat audit trails and monitoring strategies.
It would tell your security officer:

   1) WHO did it, and ... 
   2) precisely WHEN they did it, and ... 
   3) exactly WHAT they did, and ... 
   4) HOW they did it  

More information about Stitch-in-Time ... 
   http://www.unbeatenpathintl.com/award/source/1.html 

Al, your concern about BPCS ITE (Transaction Effect file) 
is valid. If someone did made a change to ITE, that change
could effect how something is posted to the General Ledger, 
Inventory, Shop Orders, Actual Costs, etc.  
Stitch-in-Time software would track the change to the ITE 
file and all the other pertinent BPCS files. It would provide 
blow-by-blow documentation of how ITE record changes 
caused data corruption in G/L, Inventory, etc.  

Wouldn't it be nice to have all that data damage
information presented on a sheet of paper? It would  
make the correction process much. much easier. 

If your company has a Sarbanes-Oxley compliance issue, 
then any hint of "hanky panky" vulnerability must be erased 
now. Stitch-in-Time will do that ... and ... here's several more 
clever/affordable SOX compliance ideas that will help: 
our Stocking Stuffers (tm) for SOX:
   http://www.unbeatenpathintl.com/SOXstuffers/source/1.html

Warm regards and have a blessed Easter, 

Milt Habeck
Unbeaten Path International

Toll free North America:  (888) 874-8008
International voice: (262) 681-3151
mhabeck@xxxxxxxxxx
www.unbeatenpathintl.com




+++++++++++++++++++++++++++++++++++++++++++++
From: Alister Wm Macintyre 
To:  BPCS_L discussion 
Sent: Wednesday, April 07, 2004 3:04 AM
Subject: Fwd: GL Garbage

I don't feel like I got good answers to my original 
question [... Al's March 30 note inserted below by UPI Path ... ] 
and now I have another question coming.

There's some great software available, but I don't feel it is 
proof positive there been no hanky panky.  

Anyone whose security lets them change the rules, can 
change ITE so the audit trail does not go into General
Ledger, change all kinds of stuff, then change ITE so that 
kind of transaction resumes going back in.  

Likewise various audit security stuff can be turned off, 
hanky panky done, then turn the security stuff back
on again.

Al Macintyre










++++++++++++++++++++++++++++++++++++++++++++++
From: Alister Wm Macintyre
To: BPCS_L discussion
Sent: Tuesday, March 30, 2004 7:16 PM
Subject: GL Garbage

We are BPCS 405 CD on AS/400 mixed mode V5 R1

BPCS does a poor job purging ancient records from many files,
so we write our own AS/400 clean-up software, to fill SSA gaps.
We run the BPCS reorg stuff regularly.

GJW has thousands of journals dated years ago.
GJH GJD similar story.

We also have scores with future dates (e.g. year 2010) that I believe
are bogus. Do I have correct understanding of the role of the files?
GJW is starting work area ... if still there it was probably never
posted
GJH (header) and GJD (detail) is where journal entries go that BPCS
trying to post so that content is either posted or has identifiable
errors awaiting adjustment

Under prior management we mass deleted this kind of stuff (e.g. closing
fiscal year 2003, delete if dated 2002 or earlier) but now there is more
sensitivity to GAAP.

Question: how do I tell difference?
Which of this content was in fact posted and which was not?

Any other nuances worth considering?
I am not a GL expert, but I do try to maintain data integrity in what I
delete
e.g. avoid creating more widows (GJH records with no children)
and orphans (GJD details with no parents)

Al Macintyre


_______________________________________________
This is the SSA's BPCS ERP System (BPCS-L) mailing list
To post a message email: BPCS-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/bpcs-l
or email: BPCS-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/bpcs-l.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.