Confessions of an IT Manager_Phil Factor
- No tags were found...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Section III: S<strong>of</strong>tware Projects: the Good, the Bad <strong>an</strong>d the Pitiful 125<br />
<strong>Phil</strong> <strong>Factor</strong>:<br />
Excellent! We seem to have a broad agreement on the general<br />
principles <strong>of</strong> the design. There's no sense in getting into to much detail<br />
at this stage. (Thinks, if I run part <strong>of</strong> the way to Liverpool Street station,<br />
I'll get that train)<br />
Colin Compli<strong>an</strong>ce:<br />
(clears throat) I'm a bit concerned about the auditability <strong>of</strong> this<br />
NAD.<br />
<strong>Phil</strong> <strong>Factor</strong>:<br />
(Thinks: Two million years <strong>of</strong> hum<strong>an</strong> evolution just to get a Compli<strong>an</strong>ce<br />
<strong>of</strong>ficer! Nature c<strong>an</strong> be cruel. It doesn't seem right.)<br />
Colin Compli<strong>an</strong>ce:<br />
This design isn't going to get sign-<strong>of</strong>f by the audit-compli<strong>an</strong>ce team.<br />
Do you realise that we have to be able to reproduce invoices, advice<br />
notes, returns <strong>an</strong>d such paperwork exactly as first done? We have to<br />
audit when <strong>an</strong> address ch<strong>an</strong>ges. Any ch<strong>an</strong>ge <strong>of</strong> name has to be logged<br />
with date, time, the database user <strong>an</strong>d workstation. There have been<br />
m<strong>an</strong>y frauds in the past that have involved ch<strong>an</strong>ging a customer's<br />
address, so the audit-compli<strong>an</strong>ce team will have a feeding-frenzy on the<br />
design as it is so far.<br />
<strong>Phil</strong> <strong>Factor</strong>:<br />
(thinks: OK, next train in <strong>an</strong> hour's time. Might as well spread the<br />
<strong>an</strong>guish) Good thinking, Colin. So that me<strong>an</strong>s we'll definitely need to<br />
have all CRUD done via stored procedures, with a separate log for all<br />
ch<strong>an</strong>ges.<br />
(Developers slump, despondent)<br />
Colin Compli<strong>an</strong>ce:<br />
(warming to the subject) Yes, the design will have to have a full<br />
audit trail. We will need to make all tables time-based so that all<br />
versions are kept, with <strong>an</strong> insertion-Date <strong>an</strong>d termination-date, <strong>an</strong>d the<br />
SQL picks out the current one only due to its null termination-date.<br />
We'll need a trigger to enforce the rule <strong>of</strong> having only one record with a<br />
null termination-date where one would otherwise have a unique<br />
constraint. We c<strong>an</strong> then cross-check it with the separate audit log.