- Feature Articles
- CodeSOD
- Error'd
-
Forums
-
Other Articles
- Random Article
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
Yay for SOX-compliance!
Admin
Quite entertaining. One question: what's a business analyst? Well, ok, two questions: why is it funny to rat him out?
Admin
Why did he do it in the first place ? If he don't take the blame for it, somebody else might when somebody finally notices the system was altered.
Admin
Might want to update that Monster.com resume. When the manageriosphere starts losing money, people start losing jobs.
Admin
Better yet, why is it NOT funny to rat him out? The dudes a complete moron with horrible business ethics. He should be fired. Not sure if anyone realizes this, but cooking the books can be a federal offense.
Admin
It's funny to rat him out because the the alternative is being an accessory to a federal crime. If he had actually done what the BA had asked, and the crime had ever been discovered, he would be in a basket load of trouble for taking part in the cover-up.
Admin
Not sure why this wasn't included in the original article, but here is a later post by the original person that explains what happened later.
Quote by snoofle in the thread linked to in the original story: "It took me about 10 minutes to restrict the privileges (mostly just adding a row to a permissions table and adding a 2 line check), and a couple of log statements. The QA folks seemed amused by my comments on the change request until they called to check and realized I was dead serious. They pushed it through and tested it in 10 minutes, then made a very public email about expediting this critical security patch into prod ASAP. I just got special permission to push it to prod mid-day. Emails are flying cc'd to everyone - this BA is toast!
Addendum: apparently everyone hates this guy, and they're using this little patch as a reason to bury him. The oversight folks decided that instead of firing this guy, they would force him to be (effectively) demoted, have his privileges severely curtailed, and be completely humiliated. He's going to have to find another job. If nothing else, he'll never ask me for another favor :) "
Admin
Tampering with mailboxes is a felony offense. </DazedAndConfused>
Admin
Was this a financial accounting system?
If so, the BA should be put to death.
Admin
It sounds like the BA asked the programmer to cover up evidence of a crime and the programmer agreed to do so, but documented the change with a CM entry ADMTTING TO HAVING DONE SO.
Since destroying evidence of a crime is itself a crime, the worst outcome is that the BA and the programmer end up in adjacent prison cells.
Admin
TRWTF is that the BA wasn't fired on the spot when he was discovered cooking the books
Admin
Well, at my company business analysts handle everything from reporting (ad-hoc and building new) to building software tools to larger "blue sky" projects. (Not one myself, but I work with that group rather closely - good people).
As for why it's funny - I think the general act of "hey, I need you to make a change, completely against rules, to cover my heiney" is pretty hilarious. I'd have at least come up with a barely-plausable cover story instead of just flat-out admitting my crimes. So, filing the change request as "making changes to save Bob's job" has a certain... poetry to it.
Admin
I disagree with the way you took it. His change request was to "eliminate code that the BA used to cook the books". That needs to be removed pronto, you can save or print off copies if you need evidence. If you don't eliminate that code, who's to say the books won't continue to be cooked ? So in a way, the request was necessary and could prevent further offenses.
Admin
"Destroying the evidence" would be if OP destroyed log records of BA's activity. Thanks God for source control system.
Admin
He wasn't destroying evidence, he was closing a hole so that it couldn't happen again. Since it was being done in the CM system, the evidence shouldn't be destroyed.....
Looks like he CYAed pretty well, and he DOCUMENTED what happened and why.....that isn't an accessory to a crime. That's reporting a crime, which still isn't illegal in most countries.
Admin
Beware of a disgruntled BA coming in with a shotgun. I'm sure your office is circled in red marker on his plans. ;)
Admin
Admin
Admin
BA my arse. That guy is Executive material.
Admin
I can't disagree with that. If he wasn't in management, he would have been fired on the spot. I wouldn't be surprised if his boss told him to do it.
Admin
Not a problem for those of us with concealed carry permits
:)
As for the rest of you, good luck.
Admin
Sorry, but despite what they called you, you were not a BA.
For the rest of you, here's a definition from wikipedia:
"A business analyst works as a liaison among stakeholders in order to elicit, analyze, communicate and validate requirements for changes to business processes, policies and information systems. The business analyst understands business problems and opportunities in the context of the requirements and recommends solutions that enable the organization to achieve its goals."
It's actually pretty good work if you enjoy process engineering. Management tends to give BAs significant power to change things (great if you hate beauracracy) and the pay is nothing to laugh at. A BA can make very good money depending on the scope of what he oversees. In fact, for us geeks, you can even land a role whereby part of what you do would fall into the BA domain. Unlike being a code monkey, combining your IT skills with business skills as a highly technical BA is outsource-proof and will make you popular with the gold diggers.
Admin
The one solid conclusion I have come to about a BA's responsibilities is that they are completely different at every company.
The BA's here are responsible for writing functional specs and verifying code changes. They also serve as another layer between our account execs (who deal with the customers directly) and us web weenies. Just to make sure the web developers never have to deal with human contact outside of our company.
At my previous job, the BA's should have been titled PM's.
Admin
Now this would make the BOFH proud.
Admin
This is actually a good description of the sorts of work I'd like - not so much as process engineering, but deciding what sort of widget to build. Also describes a decent portion of what I've been doing off and on at the current place.
Admin
Admin
I think missed the part about the QA team asking him if he was serious, emails flying around the office about the hilarity of the situation and the eventual demotion and "cooking" of the guy.
Admin
Awwww one of my first flame war threads. /cry
Admin
Who let you out of MySpace again?
Admin
Hi Folks, OP here... I didn't cover anything up. The folks who caught this guy mandated that a change be made, that the BA was responsible for seeing that it went through, and that they'd be checking up on him to make sure it was done. He just wanted me to do it quietly so as to make as few people aware of the fact that he abused his authority.
If I had slipped it through, I would have been guilty of bypassing rules and procedures, not covering up what he did. However, I have a certain code of ethics and this was over the line - especially with this particular person.
Normally, I'd try to help someone out, but this guy was also a "Sponsor", THE Sponsor, so lovingly referred to in another post, and he truly deserved to be flamed, broiled and fricasseed.
Admin
Ah yes, reminds me of an incident many years ago. A very senior member of staff tried to instruct a secretary to help him do something similarly dubious. (She was very junior, but was considered sufficiently trustworthy to have certain privileges unavailable to most staff.) She asked my advice. I asked the QA manager's advice. He consulted the MD. MD had a quiet chat with the secretary and then a less quiet chat with the senior member of staff. Senior member of staff found himself pursuing other opportunities earlier than foreseen.
Admin
I know there's probably specifics you can't go into and it sounds like it's still ongoing (as in, this guy hasn't left yet) but I have two questions which you probably also can't answer.
It sounds like this guy literally broke the law using a code exploit. Why hasn't anyone called the authorities yet?
Short of calling the authorities, why hasn't the company fired the guy? He cooked the books, opened them up for serious SOX compliance liability and lawsuits, and their answer is basically demote him and make him miserable so he'll quit? That sounds kinda like not having the balls to dump your girlfriend so you piss her off enough to dump you.
Admin
Sounds like he really threw this guy under the bus. I think the real WTF is that the poster seems to take so much joy in it.
Admin
Admin
I hope this was all documented in source control. The diffs would be quite amusing:
Changelog:
REMOVED LINE 69: sinister_module::cook(&books);
ADDED LINE 69: // sinister_module::cook(&books); // Change requested by B.A.
Admin
Yes, this is (still) happening as we speak...
There's way more to this story, but I won't be able to post for a couple of months.
Stay tuned...
Admin
As with most systems, there is an administrative module that is used to correct internal-state when something goes horribly wrong (unexpected input due to bad data from another system, etc). This pretty much allowed you to bypass the validation code in order to make corrections requested by the financial users. Of course, everything was logged, recorded and reported periodically. Only trusted support folks were given access to this module.
The problem was that this guy was given access to this module (he really shouldn't have been) and he started using it to change legitimate records (which he had no business doing). There was a clear audit trail. The net totals were the same but he was shifting assets between accounts to make the records look more balanced - he didn't actually take anything - that's why nobody noticed.
Once he opened his mouth (after about 4 weeks of doing this), they asked us to produce the logs, which clearly showed where the changes were being made, and by whom.
The fix basically added a new permission code to allow someone to read everyone's books, but not change them, and then just check for it in the code. This guy was reduced from RW-all to R-all.
As stated previously, there's more to this, but I can't post at this time...
Admin
... why is this funny? I wouldn't do that do a colleague.
The submitter is a rat ... and he takes pleasure on it.
You are the equivalent of a teacher's pet.
Admin
... why is this funny? I wouldn't do that do a colleague.
The submitter is a rat ... and he takes pleasure on it.
You are the equivalent of a teacher's pet.
Admin
OK, I shouldn't respond to an obvious troll but... you're saying you're willing to get fired because a colleague asked you to break the rules of your job?
Admin
Funny, thats pretty much what my job description said. The reality was quite different.
Admin
Admin
Admin
No, never worked anywhere near there. I thought that cynical phrase was fairly well known here, which is why I used it. (I can't recall the exact words that were actually used to describe his departure.)
Admin
Because he asked you to be an accessory to fraud?
Admin
Admin
Admin
Correct. The IIBA (International Institute of Business Analysis) agrees that responsibilities vary A LOT. That's why it would be possible in some companies for BAs to do book-cooking activities by themselves, but would need a collaborator in other organisations. I've only worked in one place (as a BA - not counting developer roles where I also had BA responsibilities) where I'd be able to do it myself.
I agree with another poster, finding a developer role that includes some BA responsibilities is a great way to future-proof/offshore-proof your career. In my case it was how I made the jump into full-time BA roles, but it works for people who want to keep the programming side of their job too.
Admin
The OP paints a perfect picture of constructive dismissal. Better hope the soon-to-be-ex-BA's law firm doesn't find this post, for they will have a field day with it.
Admin
The only part I think was really 'bad' was the comments the OP made on the change request. To refuse to deviate from the procedure at work is good on him/her.
The only thing I don't understand is why user permissions are stored in CM? Do they really change that infrequently? Where I work, none of that stuff is even stored anywhere unless we do it as a worst case scenario, emergency backup for the production systems. But of course, our systems are for something very different than OPs.
Typically though, asking a developer to deviate from CM is like asking a religious person to ignore their commandments.