X-no-Archive:yes
There is another way of seeing this. "The Mythical Man-Month" discusses the
problem of communication on a project. If at least one other person is
informed of any meaningful work I do (and in our context, there would be
individuals in five different areas looking over my shoulder), then there
are audit trails, and source code should not get lost, and there is still
one individual with 'the big picture' of how the five areas interrelate, and
there are specialists who are likely to have somewhat better ideas in their
areas than the one individual can, while said individual can appreciate the
interaction of these parts to the whole. I * think * that this could achieve
the best of both worlds.

> -----Original Message-----
> From: J. Robert Leighton [SMTP:[log in to unmask]]
> Sent: Thursday, December 24, 1998 5:22 PM
> To:   [log in to unmask]
> Subject:      Re: audit issue
>
> You are correct, Michael.  There must be contols requiring the willing
> collusion of at least two persons in order accomplish fraud and other
> misdeeds.  However, I must say I worry more about accidental damage to
> applications and production data.  I bet there are thousands of
> businesses just discovering that they cannot locate the source code
> for the systems they are trying to bring into y2k compliance, and I
> wonder just how much of that can be attributed to the lack of proper
> controls on access to production.
>
> I am quite familiar with the argument of application developers that
> such controls are so inconvenient and time-consuming that they could
> not possibly accomplish their goals and meet set deadlines.  You never
> hear about the lost productivity in rewriting lost source code and
> recovering damaged production data.  It is therefore hard to convince
> upper management that proper controls are a good investment.  It's a
> bit like insurance: you don't need it until you need it.