Databases Reference
In-Depth Information
13.7
Sustainable automation and oversight for
audit activities
Creating a sustainable auditing solution requires an architecture that will
allow you to automate the generation and distribution of audit materials.
You cannot afford to rely on a manual process to make sure all of the right
people sign off on the audit reports and assessments; this should be sup-
ported by your architecture so that you don't have to be busy with the pro-
cess. Therefore, make sure you can either plug into some corporate workflow
infrastructure easily or use an auditing system that addresses this issue.
Automation is an important part of a sustainable solution, but so is
oversight. You can have the best system for automating the distribution of
the auditing data, but you also have to make sure that people are reviewing
and signing off on the data. You need to make sure you know if someone is
not keeping up and is not looking at the reports. As an example, an audit
process may define that a DDL report should first be reviewed by the DBA
and then by the operations manager. The workflow can be defined to
deliver the report to the DBA, and only once it is approved by the DBA
does it go to the operations manager. In this case, if the DBA does not
review and release it, the operations manager will never get it.
To avoid these problems, you must have built-in oversight for the audit
process. This oversight will ensure that the audit tasks are continuously acti-
vated and that reviewers do not hold up the processes. The oversight can be
passive or based on exception management. Passive oversight means that
your auditing system provides a way to report on all active processes and
how many outstanding reviews/sign-offs are still pending. As an example,
the monitors shown in Figure 13.6 show you that the DBA has many items
Figure 13.6
Monitoring
outstanding audit
processes.
Search WWH ::
Custom Search