Dear Jim ~ response #6, My response #1 asserted that SOX rubber meets the road with PCAOB's interpretation of Sarbanes-Oxley for external auditors. The Public Company Accounting Oversight Board's Auditing Standards No. 2 includes 216 detailed requirements for SOX auditors spread over +/- 110 pages. Here are 2 pages of excerpts which I believe are a must-read for senior executives at manufacturing companies: http://www.unbeatenpathintl.com/pcaobdetails/source/1.html The net finding is that PCAOB has given SOX auditors every conceivable incentive to dig into infinitesimal BPCS business process details. Think about this scenario from the viewpoint of audit firm XPW who has been retained for your 2004 SOX audit: Lets say that XPW fails to find an internal control deficit in your BPCS product costing. Then in 2005 you retain a different firm (YDT) and they do discover that legacy BPCS problem. YDT concludes that it is material in the aggregate according to PCAOB requirements and they report it to your shareholders. Now, if your stock price goes down after the YDT report appears, what is XPW's professional liability to your shareholders? I don't know the answer to that question --- but I would speculate that external auditors want to avoid that question with very, very thorough internal control audits across every BPCS process. Unbeaten Path can prepare you for that degree of SOX scrutiny with our Stitch-in-Time (tm) Internal Control Assessment. http://www.unbeatenpathintl.com/stitchservices/source/1.html Our assessment report arrives with a money-back guarantee of professional quality and customer satisfaction. By the way, if you are a common stock investor, heads up! You may be interested in reading an essay which speaks to an unintentional outcome from SOX: will a series of unfavorable SOX audits "knock the legs out from under investor confidence in the market" ???? Here's the essay: http://www.unbeatenpathintl.com/debriscloud/source/1.html Please see these subsequent responses for BPCS/SOX topics: #7 ~~ information about our award-winning Stitch-in-Time (tm) Data Integrity software the enables you to respond to SOX auditor inquiries about the integrity of DB2 information. #8 ~~ introduction to several other clever and affordable Stocking Stuffers (tm) for SOX products designed to help enterprises prepare for Sarbanes-Oxley. God bless, Milt Habeck Unbeaten Path International Toll free North America: (888) 874-8008 International voice: (262) 681-3151 European contact: (44) 1-737-824248 mhabeck@xxxxxxxxxx www.unbeatenpathintl.com ++++++++ +++++++ +++++++ +++++++ +++++++ +++++ From: Reinardy, James To: bpcs-l@xxxxxxxxxxxx Sent: Wednesday, June 09, 2004 3:17 PM Subject: DB2 Users Hello All, We are running BPCS 6.04 on iSeries. I am trying to understand the relationship between iSeries users, BPCS users and DB2 file access. The concern is arising because of Sarbanes-Oxley. Our auditors are suggesting that we need to lock down file privileges against the BPCS database, but we are a little unclear about what user BPCS uses for data access against DB2. Is it the individual user that is logged into BPCS, that user with a changed profile (SSA perhaps vs. *PUBLIC), or some other generic user? The idea here is to restrict access on a file by file basis for AS400Query, SQL queries, ODBC connections, etc. However, we want to be sure if we lock things down that we don't break BPCS screens and batch jobs. Any suggestions on how to improve our understanding in this area would be appreciated. Regards, Jim Reinardy Director-IS Badger Meter, Inc.