| T.R | Title | User | Personal
Name | Date | Lines |
|---|
| 759.1 | an IRS audit,or what? | WR2FOR::BOUCHARD_KE | Ken Bouchard WRO3-2/T7 | Wed Mar 22 1989 14:24 | 1 |
| What kind of audit are you talking about? Please specify.
|
| 759.2 | Capital Assets Audit | TRCO01::FINNEY | Keep cool, but do not freeze ... | Wed Mar 22 1989 15:02 | 15 |
| Funnier than hell, all the fuss about locating gear, marking them,
etc. , then the day before the audit, I got a VAXstation 3100, and
gave the VAXstation 2000 to my neighbor. Next day the auditors arrived
at 8:30 a.m. exactly, and of course everything was screwed up, because
I'd kept the keyboard, my neighbor had shifted his (borrowed) VT220
to another cube, whose unassigned VAXmate was picked up by ?.
My secretary near murdered me for life !
Only took 2 minutes to straighten out the auditors who weren't the
least perturbed, the see it all the time.
Tensions were high all day though, after they left.
Scooter
|
| 759.3 | Dream the impossible dream (Oh, please!) | PNO::KEMERER | VMS/TOPS10/TOPS20/RSTS/CCDOS-816 | Wed Mar 22 1989 20:02 | 14 |
|
Must be *NICE* to "...get a VAXstation 3100..." and then just casually
"...give your VAXstation 2000 to your neighbor...".
And to think that some people must *FIGHT* for a VT100!!!
Sigh!! When will we learn....
Warren
{Sorry about the sidetrack....I just had to comment....another
note has several replies on this very topic -- getting workstations
to people that SHOULD have them.}
|
| 759.5 | Nice title, poor description | PNO::KEMERER | VMS/TOPS10/TOPS20/RSTS/CCDOS-816 | Thu Mar 23 1989 06:20 | 18 |
|
The title of 759.4 is nicely informative but has me questioning
the way notes describes the functionality of "hiding" a reply.
Perhaps such replies would be *BETTER* thought of as NOREAD.
NOREAD sound much better than HIDDEN. Hidden implies behind the
scenes activity, but more importantly is normally interpreted in
a negative context.
Maybe I should send some advice to NOTES developers???
{Sorry this reply is here....network bandwith precludes efficient
searchs for the proper topic -- moderaters feel free to move it
if desired}
Warren
|
| 759.6 | | MAAFA1::WYOUNG | Yow! Lemme outta here! | Thu Mar 23 1989 09:22 | 60 |
|
I'm not sure of the exact terminology, but what I believe is
happening is an in-depth review of our policies and procedures.
Let me tell you what I've seen so far, and maybe you'll get a
feel for what's going on -
We had been told for some time that a pre-audit was going to be
soon, and we were expecting them in a few days. So, I was kinda
curious when I noticed several strangers in the building. Not to
worry - I work in a data center, and all sorts of people come and go
for various reasons. Besides, they had people from the groups I
work with escorting them. I didn't especially worry about the couple
I saw in the computer room, where I work, because they had a person
from the tech group with them. Besides, they had badges. Must be OK.
Then I get a call - "Is soandso there?" I said no, can I help?
"Well, there's auditors in the building..." How nice. Hello, boss?
Guess what?
At this point, I was told that there would be a meeting. All the
preauditors would introduce themselves, and tell us what we could
expect to see happen over the next 2 or 3 days.
Around 7 or so people were here from the Midwest. They were from a
data center that had already been audited, and they told us they were
here to conduct a preaudit so we would have a chance to correct any
problems that needed fixing before the real audit. I remember the
assortment of people consisting of an area manager, a data center
manager, and a few tech and accounting folks.
The reason they showed up early was because the real audit team is
going to be early as well. We should be expecting this, we were told.
It all seemed fairly clear to me so far, except when the data center
manager asked my area manager "Get any interesting ALLIN1 mail this
marning?" My manager said no, and the visiting DCM seemed disappointed.
Oh, well, must be an inside joke.
The visiting area manager was wrapping up his remarks on how we were
going to be helped by their visit, when he asked "Who's in charge of
Operations?" My supervisor said "I am...". The AM whipped out a CD case
and said "We took this out of your room. Your security was breached."
It turns out that when they were in the room, one of them held the
tech person's attention while the other one liberated the CD case.
That same tech person was also called on the carpet by the AM for
giving the AM an account on one of the systems, which the AM had asked
for to audit the system. Aparrently, the AM had not signed a form
for the account. The tech person attemped to defend himself (he may
have locked the account), but was shouted down by the AM.
Needless to say, the next few days were somewhat tense. I understand
that the real auditors will be here for 6 weeks.
Oh, yeah - the visiting DCM and the MAIL? Well, when the preauditors
were lurking and scheming in the building, they came across a terminal
that someone had left logged in to their ALLIN1 account. So, they sat
down and sent a message to that person's manager.
|
| 759.7 | $.02 | SMOOT::ROTH | Green Acres is the place to be... | Thu Mar 23 1989 11:21 | 17 |
| I feel compelled to say somthing re: .6
I used to work in DIS at a 'district' data center (we served 1/2 of
an Area). The data center is now history... the gear all moved to
the Area datacenter. At no time in my DIS days (about 4 years) was
staffing ever adequate. I have the feeling that this situation
continues today in my Area. During this entire 4 years there were
many things that would probably fail to pass muster during an audit
(like in .6) because there was never enough staff to pay attention
to every little detail.
I'll stay off of my soapbox about DIS staffing, but I would be
interested to know if auditors ever give feedback about lack of
adequate staff... or do the auditors just give black marks and don't
look for a cause?
Lee
|
| 759.8 | We are NOT to trust Digital employees? | NEWVAX::PAVLICEK | Zot, the Ethical Hacker | Thu Mar 23 1989 11:38 | 17 |
| re: .6
> The visiting area manager was wrapping up his remarks on how we were
> going to be helped by their visit, when he asked "Who's in charge of
> Operations?" My supervisor said "I am...". The AM whipped out a CD case
> and said "We took this out of your room. Your security was breached."
> It turns out that when they were in the room, one of them held the
> tech person's attention while the other one liberated the CD case.
So, our data centers are supposed to assume that all _Digital_
employees are THIEVES? The pair who took the CD case _were_ Digital
employees, correct? So, the data center is considered negligent
if it TRUSTS Digital employees???
What next? Strip search Field Service people after a service call???
-- Russ
|
| 759.9 | | TRCO01::FINNEY | Keep cool, but do not freeze ... | Thu Mar 23 1989 13:07 | 17 |
| >> "getting workstations to peolpe who SHOULD have them"
huh? But I should ... I'm doing DECwindows development work wrt
to an ELFI customer.
>> And to think that some people must *FIGHT* for a VT100!!
Well, I had to ** fight ** for the VAXstation too.
My neighbor had to share the VS2000, before the 3100 arrived. He's
doing the same work. Casually given, yes - not casually given away.
>> Sigh!! When will we learn ...
Exactly - we were doing DECwindows design work on my PERSONAL Macintosh
with Hypercard with NO DECwindows platform for 2 months.
Scooter
|
| 759.10 | One Man's Answer | BOSACT::EARLY | Actions speak louder than words. | Thu Mar 23 1989 13:47 | 21 |
| RE:
Note 759.8 Audit Mania
NEWVAX::PAVLICEK "Zot, the Ethical Hacker"
> So, our data centers are supposed to assume that all _Digital_
> employees are THIEVES? The pair who took the CD case _were_ Digital
> employees, correct? So, the data center is considered negligent
> if it TRUSTS Digital employees???
>
> What next? Strip search Field Service people after a service call???
I keep a squirt gun in my desk which looks just like a 9mm German
Luger for just such occasions. Just let those suckers try that crap on
me, and the Luger comes out with me jumping to my feet and screaming;
"Up against the wall you thieving scumbags! Jackie ... call Security!"
;^)
|
| 759.11 | | MAAFA1::WYOUNG | Yow! Lemme outta here! | Thu Mar 23 1989 13:55 | 19 |
|
To answer the questions in .7 and .8 -
Yes, there does seem to be a headcount issue in this data center.
I have heard many of my peers express their concern that there did
not seem to be enough people to handle the workload.
It was mentioned in the meeting that problems the auditors found
would be discussed, but I don't think the "black mark" would be
removed.
Trust? Not quite. The visiting area manager said something to the
effect of "I am an auditor. You are not to trust me, you are to
follow your policies and procedures."
Not that I'd trust any of them anyway...
Warren Young
|
| 759.12 | Grrr... did this *really* happen at DEC? | SMOOT::ROTH | Green Acres is the place to be... | Thu Mar 23 1989 14:19 | 12 |
| Re: your 'pre' audit-
I would ask them what DIS policy was violated during the visit.
It would seem that datacenters (now) need to 'shadow' every data center visitor
by a data center person every moment that they are on the premises. This of
course would include KO or Jack Shields, right? ;^) And what defines a
'trusted' person and a 'non-trusted' person?
I'd be hopping mad after a visit like that!
Lee
|
| 759.13 | Ah! Justice! | REGENT::MERRILL | All we need now is a sanity check ... | Thu Mar 23 1989 14:30 | 4 |
| Hey, anyone who says "I am an auditor" (or lawyer or banker) should
be stripped searched immediately!
|
| 759.14 | Set mod/hat=on (sigh) | LESLIE::LESLIE | Old light, through New Windows | Thu Mar 23 1989 17:51 | 9 |
| Enough. This is yet another example of a topic descending into insults
and epithets being hurled at fellow employees, to no great
enlightenment of your readers.
Badmouthing of fellow employees is a VERY bad idea.
This topic set /nowrite.
Andy (co-moderator)
|