Don't get me started... We are being told that it is a SOX requirement that no user have individual security. We must create groups and attached people to groups ONLY. A security request is also treated as "change management" and has to have 2 sign offs just in our department. Getting ridiculouser and ridiculouser (ha) Our company hired a contract company to "help" us get ready for the SOX audit. What a mess. They are already planning to come back next year to help us with the SOX points we fail. If this company is so good at what they do, we feel we shouldn't fail anything! (being a logical thinker) This company has been here 3/4 of the year already. We did clean up MAPICS security because if someone leaves the company we delete them off the AS/400. but they are still in MAPICS. And if you delete them from MAPICS CAS they can still have COM user defaults, group jobs, etc. The auditors don't understand if you cannot sign on the 400, you cannot use those tasks in MAPICS. I don't know how many ways to say it, yet they still do not understand! And since we have IFM and there are not good security reports in IFM, it has been a pit. We already had an electronic key to get in our department... now we have an electronic button on the back of our badge to get into the server room! This is beside all the lists that Pete mentioned. Some of this is just the auditor (or contract company getting ready for the audit) interpretation of SOX. SOX is about fraud and people to take responsibility for what goes on at a company! Ann -----Original Message----- From: mapics-l-bounces@xxxxxxxxxxxx [mailto:mapics-l-bounces@xxxxxxxxxxxx]On Behalf Of Greg Wenzloff Sent: Friday, December 16, 2005 1:26 PM To: MAPICS ERP System Discussion Subject: RE: [MAPICS-L] Restricting command line usage Thanks Ann and Pete! Pete - I would like to know about your SOX audit. I'm getting ready for my audit and there are way too many ways to get in hot water. Perhaps you could post on what they tested you on. There are probably others on this list in the same boat. Thanks, Greg _______________________________________________ This is the MAPICS ERP System Discussion (MAPICS-L) mailing list To post a message email: MAPICS-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/mailman/listinfo/mapics-l or email: MAPICS-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/mapics-l.
As an Amazon Associate we earn from qualifying purchases.
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.