Dear Jim  ~  response #6,

My response #1 asserted that SOX rubber meets the road 
with PCAOB's interpretation of Sarbanes-Oxley for external 
auditors. The Public Company Accounting Oversight Board's 
Auditing Standards No. 2 includes 216 detailed requirements for 
SOX auditors spread over +/- 110 pages. Here are 2 pages of 
excerpts which I believe are a must-read for senior executives at 
manufacturing companies: 

http://www.unbeatenpathintl.com/pcaobdetails/source/1.html   

The net finding is that PCAOB has given SOX auditors every 
conceivable incentive to dig into infinitesimal BPCS business 
process details. Think about this scenario from the viewpoint of 
audit firm XPW who has been retained for your 2004 SOX audit:  

     Lets say that XPW fails to find an internal control deficit in 
     your BPCS product costing. Then in 2005 you retain a different 
     firm (YDT) and they do discover that legacy BPCS problem. 
     YDT concludes that it is material in the aggregate according to 
     PCAOB requirements and they report it to your shareholders. 
     Now, if your stock price goes down after the YDT report
     appears, what is XPW's professional liability to your
     shareholders?

I don't know the answer to that question --- but I would speculate 
that external auditors want to avoid that question with very, very
thorough internal control audits across every BPCS process. 

Unbeaten Path can prepare you for that degree of SOX scrutiny 
with our Stitch-in-Time (tm) Internal Control Assessment. 

http://www.unbeatenpathintl.com/stitchservices/source/1.html

Our assessment report arrives with a money-back guarantee of 
professional quality and customer satisfaction. 

By the way, if you are a common stock investor, heads up!
You may be interested in reading an essay which speaks to an 
unintentional outcome from SOX: will a series of unfavorable
SOX audits "knock the legs out from under investor confidence
in the market"  ????  Here's the essay: 

http://www.unbeatenpathintl.com/debriscloud/source/1.html

Please see these subsequent responses for BPCS/SOX topics:

  #7 ~~ information about our award-winning Stitch-in-Time (tm)
             Data Integrity software the enables you to respond to SOX
             auditor inquiries about the integrity of DB2 information.

  #8 ~~ introduction to several other clever and affordable
             Stocking Stuffers (tm) for SOX products designed to help
             enterprises prepare for Sarbanes-Oxley.

God bless,

Milt Habeck
Unbeaten Path International

Toll free North America:  (888) 874-8008
International voice: (262) 681-3151
European contact: (44) 1-737-824248
mhabeck@xxxxxxxxxx 
www.unbeatenpathintl.com 



++++++++   +++++++   +++++++   +++++++   +++++++   +++++
From: Reinardy, James
To: bpcs-l@xxxxxxxxxxxx
Sent: Wednesday, June 09, 2004 3:17 PM
Subject: DB2 Users

Hello All,

We are running BPCS 6.04 on iSeries.  I am trying to understand the
relationship between iSeries users, BPCS users and DB2 file access. The
concern is arising because of Sarbanes-Oxley.  Our auditors are
suggesting that we need to lock down file privileges against the BPCS
database, but we are a little unclear about what user BPCS uses for data
access against DB2.  Is it the individual user that is logged into BPCS,
that user with a changed profile (SSA perhaps vs. *PUBLIC), or some other
generic user?

The idea here is to restrict access on a file by file basis for AS400Query,
SQL queries, ODBC connections, etc.  However, we want to be sure if
we lock things down that we don't break BPCS screens and batch
jobs.  Any suggestions on how to improve our understanding in this area
would be appreciated.

Regards,

Jim Reinardy
Director-IS
Badger Meter, Inc.



This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].