
I'm confused!
">whirrrrr< >thump< >thump< >thump!<"
I thought that was standard procedure for dealing with the the auditors themselves!
--------> Most auditors I've met!
BOFH logo telephone with devil's horns "Yes, well, as I innosplained just a moment ago, we can implement that change with the new technology we've just bought." "Did you say ... 'innosplained'?" "Yes – outlining the innovative applicability of a new technology in an overly verbose and condescending manner, highlighting …
First you need them to sign off on the audit. You could fake their signature, hack the required audit portals, forge and upload the needed documents, etc. But that just sounds like work and it's nearly pub-o-clock. Best get the auditor to do it "of his own free will", just before he decides to say goodbye to this crew world with a long step off the roof.
At one place of shirk, we had about 2 or 3 PWC audits a year & usually got something like 98% overall. This was partly down to the fact we did our own audits of accounts & permissions in advance.
I had scripts that granted the user local Admin rights for the duration of the setup & config & revoked them at the end if the users job role did not require them to have local Admin rights.
We used to record things like "soft" (User went back to college for 3 months) or hard (Sacking or resignations) terminations in the notes section of the user profile, along with date time & who performed the task, again me being me I had this scripted.
When we were all laid off & our tasks were to be given to the existing Field staff who were stepping into our shoes & moving into corporate headquarters as a base of operations (We were on a legacy site 200Km's away), they showed little inclination to follow the practices & went so far as to avoid any information sharing\handover of knowledge.
PWC Auditors said hey loved coming to our location as everything was usually correct & they really had to dig deep to find non-compliance - I would love to know how they reacted to the plummeting standards. I do know things went to hell fairly fast, as 2 weeks after the last of us left, everything went into Covid lockdown & they had just got rid of (The core) half of the IT team.
> and just looking through your fixed asset register
One company I worked for had this situation. "I see you spent £30,000 (about the price of a starter home, in those days) on something called an Ada compiler. Can I see It please?"
At which point the company secretary accompanied the auditor to the machine room and pointed to a 9 track tape. "There it is" with a hand written sticky label that said ADA Compiler on its case.
Still, at least it wasn't an eight track tape.
Once got a part delivered from Cisco.
The box was a foot square by 2ft high, contained a smaller book sized box, lots of scrunched up paper and around 6 pages of paperwork. The paperwork had export restriction noting that said this was not to be shipped and/or used in or by the Axis of Evil...
It was a single 6ft yellow CAB-ETH-RJ45 ethernet cable!
And, yes, it was surplus to requirements because the rest of the order already came with them as default... which we promptly discarded as 6ft ALWAYS turned out to be just that little bit too short
I once requested additional licences for software used on our OS/2 estate. What arrived a couple of weeks later was a large box about 3ft x 2ft x 1ft.
"Bugger...", thinks I, "they've sent me physical media" - which was fine - but the box was rather light. It contained a smaller box, packaged with lots of packing noodles, within which was a smaller box, again surrounded by noodles, and inside that was an envelope containing documentation confirming the additional licences!!
Asset registers are to be kept safe... Reminds me of an incident many, many moons ago. One day, a friend asked me whether I had use for used office equipment, originating from Big Corp, my employer at the time, sold online for very cheap. Sure!
Not long after I materialised said bargain, I had a meeting with Big Corp's security officer about some security audit. And during a tea break he tells me news, totally unrelated to the audit, about a now-ex employee, who privately sold lots of used office equipment, owned by Big Corp, and pocketed the revenue.
out >whirrrrr< >thump< >thump< >thump!< on our beancounter (if he ever comes back... and no it wasn't me this time )
Because most of the content of this edition of the BoFH sounds rather like the bollocks he talks for an hour at a time while everyone else looks for a way to end their suffering without ruining the new meeting room carpet (the boss removed all sharp objects from the room last week when he noticed that the new carpets colour doesn't hide the blood stains).
But on the other hand, I have a roll of used carpet that does hide the blood stains.....
This post has been deleted by its author
a Y2K compliant AI Repurposer as described by Simon is feasible and a mashup of an existing AI service and a bit of scripting to string the bits together would likely work better than Devin, Cognition AI's AI software engineer. I imagine you could flog the Repurposer for less than USD500pcm