Had a meeting today. 1 of the key agenda is with regards to an audit finding.
Since the beginning of the project, our team has been sharing 1 user id to login to the main system to amend the codings. Auditor says this process lack accountability and must be changed. They want to remove that login id and suggested a new method of promoting codes which I find also full of security loopholes.
Why would we want to do unauthorized changes to the main coding?
Yes, there is a need for accountability. There is a need for control. But control must be moderated to a level where it does not obstruct the daily work. If the new method by the auditor is to be implemented, it is going to create alot of extra process for us. I hate auditors. All they care about is accountability and control. They don’t bother about how its going to affect the entire turnover timing.
It all boils down to trust. How much do you trust your employees?
So I suggested to my teamlead a solution:-
The whole team go say the Oath of allegiance infront of the CEO.
“I, *NRIC*, *TITLE* and *NAME*, pledge that I will not do unauthorized insertion, modification or deletion of the coding in the main system SIR!”
PS: Only my teamlead and I laugh because the rest of my teammates are either females or Non-Singaporeans.