Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Re: Business justification for Oracle db server?

Re: Business justification for Oracle db server?

From: DA Morgan <damorgan_at_x.washington.edu>
Date: Sat, 30 Apr 2005 13:26:28 -0700
Message-ID: <1114892560.149753@yasure>


Galen Boyer wrote:

> On Fri, 29 Apr 2005, damorgan_at_x.washington.edu wrote:
>
>

>>Assuming your organization is subject to US laws you likely fall under
>>the requirements of Sarbanes-Oxley, HIPAA, or similar. Assuming
>>Sarbanes Oxley, quite frankly, use of MS Access and/or Excel is close
>>to equivalent to breaking the law and puts your c-level managment at
>>risk.  Simply put Sarbanes-Oxley requires that all numbers used to
>>make and report financial decisions be auditable. It is absolutely
>>impossible to audit either MS Access or Excel.

>
>
> Hey Daniel,
>
> My company's IT department just got slammed by Sarbanes-Oxley. In our
> new Oracle frontier (I'm the architect of the datawarehouse and ODS) we
> have a first release that includes Microsoft Access used to do some user
> updates to our Oracle backend. I'm authoring all of the user_auditing
> inclusive of Fine-Grained auditing. In subsequent releases we plan on
> replacing Microsoft Access with a web front-end.
>
> Do you know of any Sarbanes-Oxley that we are violating with just using
> Access as a user front-end?

Not by virtue of MS Access as a front-end tool because Oracle provides your security and auditing. The one thing some consultancies are advising though is that you very carefully manage versioning of the front-end. In other words it should be impossible for someone to alter the front-end tool without that alteration being audited.

-- 
Daniel A. Morgan
University of Washington
damorgan_at_x.washington.edu
(replace 'x' with 'u' to respond)
Received on Sat Apr 30 2005 - 15:26:28 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US