#111 - 09/05/05 10:01 AM Sarbanes-Oxley -- the latest catch phrase
vkumar
claiming squatters rights
Registered: 16/03/05
Posts: 223
Loc: Fullers Brewery West London
Dear team leads and wannabe PMs

Sarbanes-Oxley desired

Have you noticed lately that job specs come with the above requirement (especially with public sector and multi country implementations). Well here is an interesting set of things auditors are looking at. Remember that spectacled bloke in O doing healthchecks

For the technical bods out there here is a brief checklist I came across

Sox Rule = Applmgr account can't be shared by two people.
Solution = Look at PowerBroker unix account auditing. By implementing this we can share the applmgr account because you can track who is doing what. This is more powerful than shell history tracking.

Sox Rule = SYSADMIN user account can't be shared.
Solution = Don't de-activate the sysadmin account. Just change the password and don't release the password to anyone. Create independent accounts and grant the sysadmin responsibility. Make sure that Workflow Admin role is set to a responsibility instead of sysadmin. Create an alert using pl/sql to monitor the SYSADMIN usage. If someone tries to login as sysadmin you will get the alert.

Sox Rule = Multiple people are using "System Administration" Responsibility.
Solution = Enable the sign-on audit at form level. Every week, review the audit reports to make sure that authorized people are accessing the sysadmin responsibility.

Sox Rule = Tracking the unsuccessful logins
Solution = Track the unsuccessful logins using a pl/sql monitoring alert.

Sox Rule = Password Profiles
Solution = Make sure that hard-to-guess and min password length profiles are enabled. Make sure that password expiration is set to 90 days.

Sox Rule = Change the Oracle schema passwords
Solution = Negotiate a 30 min downtime window every quarter to change all the oracle schema passwords in the e-business environment.

Sox Rule = Multiple people have access to the APPS schema.
Solution = Create APPSR schema with read only privileges. Grant insert update delete privileges to APPSR from the apps schema for all the interface & interim tables (for ex mtl_transactions_interface etc). Apply the latest CRM diagnostics patch so that all the BAs and the developers can use the web diagnostics reports instead of sql scripts like omcheck.sql and omsellisql.

Sox Rule = Developers have access to functional modules
Solution = Create the read only user and read only responsibilities using CUSTOM.pll. For CRM users implement the CUSTOM roles which allow only the read privileges.

Sox Rule = Tracking the changes to the $APPL_TOP
Solution = Implement version control (PVCS or StarTeam)

Sox Rule = Change Control process
Solution = Implement a custom solution or Mercury Interactive.

By the way Sarbanes-Oxley is a US law passed in 2002 to strengthen Corporate governance and restore investor confidence.

Laugh or lament

Top
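The three monitoring items in the checklist above (SYSADMIN usage, unsuccessful logins, weekly review of the sysadmin responsibility) can be written as queries suitable for a periodic alert. This is an added example, not code from the post; it assumes the standard E-Business Suite sign-on audit tables, that sign-on audit is enabled at form level, the seeded responsibility name 'System Administrator', and a constructed failure threshold of 5.

```sql
-- Added example. Assumes the standard EBS sign-on audit tables are readable
-- by the monitoring account and that sign-on audit is enabled at form level
-- (FND_LOGINS and FND_LOGIN_RESPONSIBILITIES stay empty otherwise).

-- 1. SYSADMIN usage: any session opened as SYSADMIN in the last 24 hours.
SELECT u.user_name, l.start_time, l.end_time, l.terminal_id
FROM   fnd_logins l
JOIN   fnd_user   u ON u.user_id = l.user_id
WHERE  u.user_name = 'SYSADMIN'
AND    l.start_time >= SYSDATE - 1
ORDER  BY l.start_time;

-- 2. Unsuccessful logins: accounts with repeated failures in the last 24 hours.
--    The threshold of 5 is a constructed value; set it to local policy.
SELECT u.user_name,
       COUNT(*)            AS failed_attempts,
       MIN(f.attempt_time) AS first_attempt,
       MAX(f.attempt_time) AS last_attempt
FROM   fnd_unsuccessful_logins f
JOIN   fnd_user u ON u.user_id = f.user_id
WHERE  f.attempt_time >= SYSDATE - 1
GROUP  BY u.user_name
HAVING COUNT(*) >= 5
ORDER  BY failed_attempts DESC;

-- 3. Weekly review: who entered the System Administrator responsibility.
--    The responsibility name is the seeded one (assumption); change it if
--    the site has renamed or cloned the responsibility.
SELECT u.user_name,
       COUNT(*)           AS times_used,
       MIN(lr.start_time) AS first_use,
       MAX(lr.start_time) AS last_use
FROM   fnd_login_responsibilities lr
JOIN   fnd_logins l ON l.login_id = lr.login_id
JOIN   fnd_user   u ON u.user_id  = l.user_id
JOIN   fnd_responsibility_vl r
       ON  r.responsibility_id = lr.responsibility_id
       AND r.application_id    = lr.resp_appl_id
WHERE  r.responsibility_name = 'System Administrator'
AND    lr.start_time >= SYSDATE - 7
GROUP  BY u.user_name
ORDER  BY times_used DESC;
```

Any row from query 1 is itself the finding once the SYSADMIN password has been withheld as the checklist describes; query 3 is compared against the list of people approved to hold the responsibility.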
#112 - 09/05/05 12:01 PM Re: Sarbanes-Oxley -- the latest catch phrase
bcooper
Guru
Registered: 11/03/05
Posts: 1112
Loc: Earth, Europe, England, here
So is this saying that we can improve investor confidence by restricting access to APPS/SYSADMIN etc to all us cowboy hackers! Presumably we don't tell the investors that it cost x-million dollars to hire Sox Consultants to review and implement it all in the first place.
_________________________
HCM Aces is for sale! Please contact me if you are interested.
Also my random musings courtesy of Twitter
