"correcting" transactions

Mike or Penny Novack stepbystepfarm at mtdata.com
Fri Feb 21 08:13:12 EST 2014 

I am going to add something.

My years in the cypher mines were spent at one of the world's largest 
"financials" and I designed and wrote code for them. While the folks in 
the office couldn't change things without affecting the audit trail we 
who wrote the code could and that's why there were OTHER controls in 
place checking what we were putting into "production". Very few of us 
were trusted with both changing code AND having "production rights" and 
even those of us who did normally kept their "production rights" turned 
off. <<<Scary because if we goofed with production rights on could 
really make a mess. So "only in a real emergency" and even then I'd 
usually be doing it by telling a person with rights "do this, do that" 
just to avoid a slip of the finger error at my own terminal.

To answer your question:

Prevent changes to data (after some known time) -- there is only ONE way 
to really do this. You have a copy made and sent off site out of the 
control of those who normally could change the data. Then if at some 
later time the question arises if the on site data had been later 
altered, a byte by byte compare with the off site copy will determine 
the matter. Since in the "real world" of larger systems backup copies 
are always being made and some of these sent off site in any case (for 
disaster recovery) this is just a matter of specifying how many copies 
and where sent to and kept for how long, etc.

But to be honest, even at the place I worked there was perhaps too much 
trust placed on "ignorance". Once, when a new security package came in 
and I pointed out a hole to tech support it took me almost two years to 
get that closed << "But who else would be able to figure that trick out? 
Mike, we trust you." >>

And yeah, I sometimes was called in by the auditors to create special 
one time only programs to extract specific data from the main files to 
confirm that somebody in the office had had a hand in the cookie jar 
<<and sadly, I knew one of these people personally>>

Michael D Novack

More information about the gnucash-user mailing list