Should developers or migrators have system admin access to the application? My thoughts are no, but the client is saying access is necessary.


There should be SoD controls in place so that no prod or lower environment dev/analyst can move code from lower environments to production unilaterally. You tend to see this failure in SoD right after implementations when Prod analysts have access to lower environments associated with the build pre go live.


Does the client use waterfall or agile method for developing, testing, and migrating changes to production? In an agile/DevOps model, engineers might have access to all environments but there should be controls in place to ensure no one can unilaterally develop and migrate changes (e.g. GitHub branch protection rules). In a traditional waterfall environment, the answer is a big no.
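
The segregation-of-duties test the replies above describe can be run over change records as a script. This is an added example, not part of the thread; the record fields, the finding texts and the sample changes are constructed assumptions, with a flag for the stricter waterfall reading.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Change:
    change_id: str
    authors: frozenset      # everyone who committed code in the change
    approvers: frozenset    # everyone who approved the review
    deployer: str           # who migrated the change to production
    reviewed: bool = True   # False = pushed straight to the production branch

def sod_findings(change, strict_deployer=False):
    """Return SoD findings for one change.

    strict_deployer=False: agile/DevOps reading, an author may deploy
    once someone else has approved. True: waterfall reading, developers
    never migrate their own code.
    """
    findings = []
    if not change.reviewed:
        findings.append("no review before production")
    if not (change.approvers - change.authors):
        findings.append("no approver independent of the authors")
    if strict_deployer and change.deployer in change.authors:
        findings.append("author migrated own change")
    return findings

def audit(changes, strict_deployer=False):
    """Map change_id -> findings, for changes with at least one finding."""
    report = {}
    for c in changes:
        found = sod_findings(c, strict_deployer)
        if found:
            report[c.change_id] = found
    return report

# Constructed sample records (not real data).
SAMPLE = [
    Change("CHG-1", frozenset({"alice"}), frozenset({"bob"}), "carol"),
    Change("CHG-2", frozenset({"dave"}), frozenset({"dave"}), "dave"),
    Change("CHG-3", frozenset({"erin"}), frozenset({"frank"}), "erin"),
    Change("CHG-4", frozenset({"gina"}), frozenset(), "gina", reviewed=False),
]

if __name__ == "__main__":
    for mode in (False, True):
        print("strict" if mode else "agile", audit(SAMPLE, strict_deployer=mode))
```

CHG-3 is the case the two readings disagree on: an independently approved change deployed by its own author passes under the agile rule and fails under the waterfall one.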
