by KP MG , on development and release procedures
I have a month to get prepared
I have a month to get prepared
-
(\__/)
(>'.'<)
("")("") Born to Drink. Forced to Work -
yes, don't sweat it - most of them are clueless and following a prescriptive outdated mandate IMO.
Do your research on what they are there to audit and what they will be looking for - but in my experience of audits from KPMG (on release management and security) they'll always find something to mark as "needs improvement" ; otherwise they aren't selling their auditing services as having any value.
Cards on the table, I HATE AUDITORS ...... It's easy to tell people how to do things "by the book" and properly, when you have no real life implementation skills of doing it at all. -
Not personally, an ex-colleague was auditted a few months ago. They absolutely ripped his procedures apart, completely humiliated before the boss came in & had him shot on KP MG's say so.
Not that, that will happen to you of course.What happens in General, stays in General.You know what they say about assumptions!Comment
-
My last experience of them was in minicomputer days and they couldn't understand why we didn't keep logs of every single character typed on the main console, like what ICL mainframes gave you.Originally posted by Scoobos View Post
Not impressed really.Behold the warranty -- the bold print giveth and the fine print taketh away.Comment
-
Before the audit
Go through all your procedures and make sure they're not missing anything
Make sure that the written procedures and what actually is done are the same - or at least there's no evidence of violation
Find any violations of procedures and fix them (or bury them under the patio)
If there any explainable anomalies - record the explanation and keep it to hand.
During the audit
Never volunteer information.
If asked questions that you cannot answer immediately, tell them you'll get back to them on it.
If a question needs some investigation, do it when they're not in the room.
After the audit
Go through the findings and challenge where necessary.Down with racism. Long live miscegenation!Comment
-
For EO to understand, replace words Auditor with Police and Audit with Interview.Originally posted by NotAllThere View PostWhat happens in General, stays in General.You know what they say about assumptions!Comment
-
External auditors, been there and really it was that bad. It was a scam and glad I moved into ITOriginally posted by Scoobos View Post
Internal auditors can be useful though
When I did it I warned of lax security that could lead to fraud, and when someone was found to be defrauding the organisation was tried to be implicated as a whistle blower
I managed it when I was younger, and found a lot of business processes that were outdated and/or pointless
Now I'd be too cynical to do it, but then I genuinely thought I was helping the organisationDoing the needful since 1827Comment
-
Not All There is correct. If there is one bit of advice that you MUST stick to it's;
Never, ever, ever volunteer information....my quagmire of greed....my cesspit of laziness and unfairness....all I am doing is sticking two fingers up at nurses, doctors and other hard working employed professionals...
Comment
-
You know it makes senseOriginally posted by EternalOptimist View PostWhile you're waiting, read the free novel we sent you. It's a Spanish story about a guy named 'Manual.'Comment
Comment