"correcting" transactions
Mike or Penny Novack
stepbystepfarm at mtdata.com
Fri Feb 21 08:13:12 EST 2014
I am going to add something.
My years in the cypher mines were spent at one of the world's largest
"financials" and I designed and wrote code for them. While the folks in
the office couldn't change things without affecting the audit trail we
who wrote the code could and that's why there were OTHER controls in
place checking what we were putting into "production". Very few of us
were trusted with both changing code AND having "production rights" and
even those of us who did normally kept their "production rights" turned
off. <<<Scary because if we goofed with production rights on could
really make a mess. So "only in a real emergency" and even then I'd
usually be doing it by telling a person with rights "do this, do that"
just to avoid a slip of the finger error at my own terminal.
To answer your question:
Prevent changes to data (after some known time) -- there is only ONE way
to really do this. You have a copy made and sent off site out of the
control of those who normally could change the data. Then if at some
later time the question arises if the on site data had been later
altered, a byte by byte compare with the off site copy will determine
the matter. Since in the "real world" of larger systems backup copies
are always being made and some of these sent off site in any case (for
disaster recovery) this is just a matter of specifying how many copies
and where sent to and kept for how long, etc.
But to be honest, even at the place I worked there was perhaps too much
trust placed on "ignorance". Once, when a new security package came in
and I pointed out a hole to tech support it took me almost two years to
get that closed << "But who else would be able to figure that trick out?
Mike, we trust you." >>
And yeah, I sometimes was called in by the auditors to create special
one time only programs to extract specific data from the main files to
confirm that somebody in the office had had a hand in the cookie jar
<<and sadly, I knew one of these people personally>>
Michael D Novack
More information about the gnucash-user
mailing list