>Warmly Padgett, Almost-Esq., pointed out the "who can you trust" aspect
>of this behavior, albeit by counter-example. Steve Marquess pointed out
>the equally important "who can you blame" aspect, which we'd be foolish to
Have a few reasons for avoiding that aspect:
1) "Who you gonna blame" deals with revenge/recovery/CYA, something I have
little time for. My purpose is to avoid the exception from happening
in the first place (not always successful but have never seen finger-
pointing to be useful except to demonstrate a need for training).
2) Just the first occupies far more than 40 hours a week.
3) Determining the "fall guy" is rarely a technical issue.
>So, have any of you big-business wage-slaves had corporate auditors come
>into your shop and ask questions (perceptive or otherwise) about
>firewalls and network security yet, and if so, would you be willing/able
>to share such stories with the list? Better yet, does anybody work for
>one of the Used-To-Be-Big-7 accounting firms and know what they're doing
>internally about this?
Training the auditors is sometimes part of my job, can be very handy for
adopting unpopular/unfunded practices by having a department get giged for
something that you just happen to have a no-brane solution.
>From what I have seen, the "Big-7" is rapidly becoming a vast horde of
"LLP"s - Limited Liability Partnerships with the parent company acting as
matchmaker. Don't have to be a rocket scientist to translate that.
ps closest I've been lately to being a "shield bearer" is seeing a copy of
Black's in a store yesterday.