Don't get me started... We are being told that it is a SOX requirement that
no user have individual security.  We must create groups and attached people
to groups ONLY.  A security request is also treated as "change management"
and has to have 2 sign offs just in our department.  Getting ridiculouser
and ridiculouser (ha)  Our company hired a contract company to "help" us get
ready for the SOX audit.  What a mess.  They are already planning to come
back next year to help us with the SOX points we fail.  If this company is
so good at what they do, we feel we shouldn't fail anything!  (being a
logical thinker)  This company has been here 3/4 of the year already.

We did clean up MAPICS security because if someone leaves the company we
delete them off the AS/400.  but they are still in MAPICS.  And if you
delete them from MAPICS CAS they can still have COM user defaults, group
jobs, etc.  The auditors don't understand if you cannot sign on the 400, you
cannot use those tasks in MAPICS.  I don't know how many ways to say it, yet
they still do not understand!  And since we have IFM and there are not good
security reports in IFM, it has been a pit.

We already had an electronic key to get in our department... now we have an
electronic button on the back of our badge to get into the server room!
This is beside all the lists that Pete mentioned.  Some of this is just the
auditor (or contract company getting ready for the audit) interpretation of
SOX.  SOX is about fraud and people to take responsibility for what goes on
at a company!


-----Original Message-----
From: mapics-l-bounces@xxxxxxxxxxxx
[mailto:mapics-l-bounces@xxxxxxxxxxxx]On Behalf Of Greg Wenzloff
Sent: Friday, December 16, 2005 1:26 PM
To: MAPICS ERP System Discussion
Subject: RE: [MAPICS-L] Restricting command line usage

Thanks Ann and Pete!

Pete - I would like to know about your SOX audit.   I'm getting ready
for my audit and there are way too many ways to get in hot water.
Perhaps you could post on what they tested you on.   There are probably
others on this list in the same boat.


This is the MAPICS ERP System Discussion (MAPICS-L) mailing list
To post a message email: MAPICS-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
or email: MAPICS-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives

As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2022 by and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.