The Business Controls Caddy

Leveraging OpenNTF.org for your Compliance Needs




Every once in a while, I will see a posting in the LDD Discussion fora that is obviously tied to a compliance and/or IT governance need. At the same time, I know there are tools on OpenNTF, like Julian Robichaux's OpenLog tool, which can be plugged in easily to meet requirements and save hair pulling. I saw one such post yesterday:

"We'd like to track User Detail for our financial applications (name, reads/writes/deletes). However, I can't find any functions in Script or Java to find this. Any suggestions? Any efficient code out there for doing this in the Database open or close?"

The poster then replied to himself with his own "solution":

"I didn't realize that User Detail is actually stored on the server under Usage views. I wrote an agent that runs nightly to pull yesterday's Session log entries into another database, so that we have a longer-term copy than what is available on the server (a few days)."

This is all well and good, but it does not really address the underlying need to document who is actually touching (editing) or deleting specific documents in financial applications, which IT auditors will consider a must-have audit trail. Of course, there is the tried and true audit trail functionality that people put in their forms (or at least should). But oftentimes, these audit trails fall short because they only track the last five or so edits to a document, and they do not necessarily track exactly what was changed on a document. I worked on an application last year that had field-level tracking built in, but the inherited code was a pain to manage. It did, however, meet the auditors' requirements.

So what should a developer do when faced with these two absolute requirements from auditors, especially if Sarbanes-Oxley is part of the environment? Without a doubt, this developer should head over to OpenNTF.org and download and use two projects which would be perfect plug-ins for applications. The first is Chad Schelfhout's OpenAudit application, which is designed to track field-level changes to documents. The second is Chris Blatnick's Application Activity Tracking application, which tells you who touched a document and when. There may be some additional overhead associated with the latter tool, but given the current audit environment, you might not have any choice in the matter.

The key to take home from this posting is that meeting auditor requirements and/or findings does not have to be a nightmare. Just leverage the tools that are out there. You can buy applications from Business partners or leverage open source tools. The choice is yours, but either one saves you from having to build from scratch.


