Cranky Series: Ask Questions Like an Auditor


August 15, 2012 by Mike Hillwig

Welcome to my latest installment of How Not to be a Cranky DBA.

One of the lessons I learned at my previous employer is that auditors can be a great asset. Many people see them as a hindrance to getting work done. Instead, I see them as a way to leverage the rules.

If you work in any type of financial institution or publicly traded company, you’ve surely been through your share of audits. My former employer was bound by Sarbanes-Oxley (SOX) 404, and my current employer deals with financial institutions and investment firms. For me, audits are a way of life. I’ve learned to adapt.

At my previous employer, I had a request come in to give someone access to a part of the system, and it had the proper approvals. But it just didn’t feel right. We were giving access to someone who shouldn’t have access. It was a violation of segregation of duties. That’s when I forwarded the request to our internal auditor and asked her what she thought. Her response confirmed my suspicion.

My boss wasn’t too thrilled with me at first. And then I reminded him that I would rather have the internal auditor take issue with something instead of the external auditor. If the external auditor found something, it would show up on the report to the board of directors or potentially even on the company’s filing with the SEC.

One of our jobs as technology professionals is to protect people from themselves. I reminded my boss that day that I’d rather be fired for doing the right thing instead of being fired for really screwing something up. That was the end of the conversation. Think about it. Would you rather have your CFO angry or your CFO in prison? That’s usually a conversation killer, and you’ll usually win.