• (cs)

    Yay for SOX-compliance!

  • (cs)

    Quite entertaining. One question: what's a business analyst? Well, ok, two questions: why is it funny to rat him out?

  • (cs) in reply to gabba
    gabba:
    why is it funny to rat him out?

    Why did he do it in the first place ? If he don't take the blame for it, somebody else might when somebody finally notices the system was altered.

  • (cs)

    Might want to update that Monster.com resume. When the manageriosphere starts losing money, people start losing jobs.

  • Common Sense (unregistered) in reply to gabba
    gabba:
    Well, ok, two questions: why is it funny to rat him out?

    Better yet, why is it NOT funny to rat him out? The dudes a complete moron with horrible business ethics. He should be fired. Not sure if anyone realizes this, but cooking the books can be a federal offense.

  • Erik (unregistered) in reply to gabba
    gabba:
    Quite entertaining. One question: what's a business analyst? Well, ok, two questions: why is it funny to rat him out?

    It's funny to rat him out because the the alternative is being an accessory to a federal crime. If he had actually done what the BA had asked, and the crime had ever been discovered, he would be in a basket load of trouble for taking part in the cover-up.

  • Ben (unregistered)

    Not sure why this wasn't included in the original article, but here is a later post by the original person that explains what happened later.

    Quote by snoofle in the thread linked to in the original story: "It took me about 10 minutes to restrict the privileges (mostly just adding a row to a permissions table and adding a 2 line check), and a couple of log statements. The QA folks seemed amused by my comments on the change request until they called to check and realized I was dead serious. They pushed it through and tested it in 10 minutes, then made a very public email about expediting this critical security patch into prod ASAP. I just got special permission to push it to prod mid-day. Emails are flying cc'd to everyone - this BA is toast!

    Addendum: apparently everyone hates this guy, and they're using this little patch as a reason to bury him. The oversight folks decided that instead of firing this guy, they would force him to be (effectively) demoted, have his privileges severely curtailed, and be completely humiliated. He's going to have to find another job. If nothing else, he'll never ask me for another favor :) "

  • (cs) in reply to Common Sense
    Common Sense:
    <snip>... but cooking the books can be a federal offense.

    Tampering with mailboxes is a felony offense. </DazedAndConfused>

  • Keith (unregistered)

    Was this a financial accounting system?

    If so, the BA should be put to death.

  • Jonathan Tappan (unregistered)

    It sounds like the BA asked the programmer to cover up evidence of a crime and the programmer agreed to do so, but documented the change with a CM entry ADMTTING TO HAVING DONE SO.

    Since destroying evidence of a crime is itself a crime, the worst outcome is that the BA and the programmer end up in adjacent prison cells.

  • corey (unregistered)

    TRWTF is that the BA wasn't fired on the spot when he was discovered cooking the books

  • A Gould (unregistered) in reply to gabba
    gabba:
    Quite entertaining. One question: what's a business analyst? Well, ok, two questions: why is it funny to rat him out?

    Well, at my company business analysts handle everything from reporting (ad-hoc and building new) to building software tools to larger "blue sky" projects. (Not one myself, but I work with that group rather closely - good people).

    As for why it's funny - I think the general act of "hey, I need you to make a change, completely against rules, to cover my heiney" is pretty hilarious. I'd have at least come up with a barely-plausable cover story instead of just flat-out admitting my crimes. So, filing the change request as "making changes to save Bob's job" has a certain... poetry to it.

  • (cs) in reply to Jonathan Tappan
    Jonathan Tappan:
    It sounds like the BA asked the programmer to cover up evidence of a crime and the programmer agreed to do so, but documented the change with a CM entry ADMTTING TO HAVING DONE SO.

    I disagree with the way you took it. His change request was to "eliminate code that the BA used to cook the books". That needs to be removed pronto, you can save or print off copies if you need evidence. If you don't eliminate that code, who's to say the books won't continue to be cooked ? So in a way, the request was necessary and could prevent further offenses.

  • (cs) in reply to Jonathan Tappan
    Jonathan Tappan:
    It sounds like the BA asked the programmer to cover up evidence of a crime and the programmer agreed to do so, but documented the change with a CM entry ADMTTING TO HAVING DONE SO.

    Since destroying evidence of a crime is itself a crime, the worst outcome is that the BA and the programmer end up in adjacent prison cells.

    "Destroying the evidence" would be if OP destroyed log records of BA's activity. Thanks God for source control system.

  • Geldhart (unregistered) in reply to Jonathan Tappan
    Jonathan Tappan:
    It sounds like the BA asked the programmer to cover up evidence of a crime and the programmer agreed to do so, but documented the change with a CM entry ADMTTING TO HAVING DONE SO.

    Since destroying evidence of a crime is itself a crime, the worst outcome is that the BA and the programmer end up in adjacent prison cells.

    He wasn't destroying evidence, he was closing a hole so that it couldn't happen again. Since it was being done in the CM system, the evidence shouldn't be destroyed.....

    Looks like he CYAed pretty well, and he DOCUMENTED what happened and why.....that isn't an accessory to a crime. That's reporting a crime, which still isn't illegal in most countries.

  • (cs)

    Beware of a disgruntled BA coming in with a shotgun. I'm sure your office is circled in red marker on his plans. ;)

  • ChiefCrazyTalk (unregistered) in reply to A Gould
    A Gould:
    gabba:
    Quite entertaining. One question: what's a business analyst? Well, ok, two questions: why is it funny to rat him out?

    Well, at my company business analysts handle everything from reporting (ad-hoc and building new) to building software tools to larger "blue sky" projects. (Not one myself, but I work with that group rather closely - good people).

    As for why it's funny - I think the general act of "hey, I need you to make a change, completely against rules, to cover my heiney" is pretty hilarious. I'd have at least come up with a barely-plausable cover story instead of just flat-out admitting my crimes. So, filing the change request as "making changes to save Bob's job" has a certain... poetry to it.

    At my former company, BAs (including myself) were responsible for technical support and answering calls from (internal) users about "Why can't I log into the app" etc. That's why I left.

  • Ken B (unregistered) in reply to Jonathan Tappan
    Jonathan Tappan:
    It sounds like the BA asked the programmer to cover up evidence of a crime and the programmer agreed to do so, but documented the change with a CM entry ADMTTING TO HAVING DONE SO.
    Umm... It looks to me like he documented a request to make the change, or what changes were needed for the cover-up, not documenting that he actually made the change.
  • Teh Irish Gril Riot (unregistered)

    BA my arse. That guy is Executive material.

  • (cs) in reply to Teh Irish Gril Riot
    Teh Irish Gril Riot:
    BA my arse. That guy is Executive material.

    I can't disagree with that. If he wasn't in management, he would have been fired on the spot. I wouldn't be surprised if his boss told him to do it.

  • Joe (unregistered) in reply to Skaven
    Skaven:
    Beware of a disgruntled BA coming in with a shotgun. I'm sure your office is circled in red marker on his plans. ;)

    Not a problem for those of us with concealed carry permits

    :)

    As for the rest of you, good luck.

  • Joe (unregistered) in reply to ChiefCrazyTalk
    ChiefCrazyTalk:
    At my former company, BAs (including myself) were responsible for technical support and answering calls from (internal) users about "Why can't I log into the app" etc. That's why I left.

    Sorry, but despite what they called you, you were not a BA.

    For the rest of you, here's a definition from wikipedia:

    "A business analyst works as a liaison among stakeholders in order to elicit, analyze, communicate and validate requirements for changes to business processes, policies and information systems. The business analyst understands business problems and opportunities in the context of the requirements and recommends solutions that enable the organization to achieve its goals."

    It's actually pretty good work if you enjoy process engineering. Management tends to give BAs significant power to change things (great if you hate beauracracy) and the pay is nothing to laugh at. A BA can make very good money depending on the scope of what he oversees. In fact, for us geeks, you can even land a role whereby part of what you do would fall into the BA domain. Unlike being a code monkey, combining your IT skills with business skills as a highly technical BA is outsource-proof and will make you popular with the gold diggers.

  • (cs)

    The one solid conclusion I have come to about a BA's responsibilities is that they are completely different at every company.

    The BA's here are responsible for writing functional specs and verifying code changes. They also serve as another layer between our account execs (who deal with the customers directly) and us web weenies. Just to make sure the web developers never have to deal with human contact outside of our company.

    At my previous job, the BA's should have been titled PM's.

  • Dalen (unregistered) in reply to Ben

    Now this would make the BOFH proud.

  • Franz Kafka (unregistered) in reply to Joe
    Joe:
    ChiefCrazyTalk:
    At my former company, BAs (including myself) were responsible for technical support and answering calls from (internal) users about "Why can't I log into the app" etc. That's why I left.

    Sorry, but despite what they called you, you were not a BA.

    For the rest of you, here's a definition from wikipedia:

    "A business analyst works as a liaison among stakeholders in order to elicit, analyze, communicate and validate requirements for changes to business processes, policies and information systems. The business analyst understands business problems and opportunities in the context of the requirements and recommends solutions that enable the organization to achieve its goals."

    It's actually pretty good work if you enjoy process engineering. Management tends to give BAs significant power to change things (great if you hate beauracracy) and the pay is nothing to laugh at. A BA can make very good money depending on the scope of what he oversees. In fact, for us geeks, you can even land a role whereby part of what you do would fall into the BA domain. Unlike being a code monkey, combining your IT skills with business skills as a highly technical BA is outsource-proof and will make you popular with the gold diggers.

    This is actually a good description of the sorts of work I'd like - not so much as process engineering, but deciding what sort of widget to build. Also describes a decent portion of what I've been doing off and on at the current place.

  • Tom (unregistered)
    Sorry, but despite what they called you, you were not a BA.
    I think that's why he left...
  • Massive Block (unregistered) in reply to Jonathan Tappan
    Jonathan Tappan:
    It sounds like the BA asked the programmer to cover up evidence of a crime and the programmer agreed to do so, but documented the change with a CM entry ADMTTING TO HAVING DONE SO.

    Since destroying evidence of a crime is itself a crime, the worst outcome is that the BA and the programmer end up in adjacent prison cells.

    I think missed the part about the QA team asking him if he was serious, emails flying around the office about the hilarity of the situation and the eventual demotion and "cooking" of the guy.

  • (cs)

    Awwww one of my first flame war threads. /cry

  • (cs) in reply to Lysis
    Lysis:
    Awwww one of my first flame war threads. /cry

    Who let you out of MySpace again?

  • (cs)

    Hi Folks, OP here... I didn't cover anything up. The folks who caught this guy mandated that a change be made, that the BA was responsible for seeing that it went through, and that they'd be checking up on him to make sure it was done. He just wanted me to do it quietly so as to make as few people aware of the fact that he abused his authority.

    If I had slipped it through, I would have been guilty of bypassing rules and procedures, not covering up what he did. However, I have a certain code of ethics and this was over the line - especially with this particular person.

    Normally, I'd try to help someone out, but this guy was also a "Sponsor", THE Sponsor, so lovingly referred to in another post, and he truly deserved to be flamed, broiled and fricasseed.

  • Dazed (unregistered)

    Ah yes, reminds me of an incident many years ago. A very senior member of staff tried to instruct a secretary to help him do something similarly dubious. (She was very junior, but was considered sufficiently trustworthy to have certain privileges unavailable to most staff.) She asked my advice. I asked the QA manager's advice. He consulted the MD. MD had a quiet chat with the secretary and then a less quiet chat with the senior member of staff. Senior member of staff found himself pursuing other opportunities earlier than foreseen.

  • Schnapple (unregistered) in reply to snoofle
    snoofle:
    Hi Folks, OP here... I didn't cover anything up. The folks who caught this guy mandated that a change be made, that the BA was responsible for seeing that it went through, and that they'd be checking up on him to make sure it was done. He just wanted me to do it quietly so as to make as few people aware of the fact that he abused his authority.

    If I had slipped it through, I would have been guilty of bypassing rules and procedures, not covering up what he did. However, I have a certain code of ethics and this was over the line - especially with this particular person.

    Normally, I'd try to help someone out, but this guy was also a "Sponsor", THE Sponsor, so lovingly referred to in another post, and he truly deserved to be flamed, broiled and fricasseed.

    I know there's probably specifics you can't go into and it sounds like it's still ongoing (as in, this guy hasn't left yet) but I have two questions which you probably also can't answer.

    1. It sounds like this guy literally broke the law using a code exploit. Why hasn't anyone called the authorities yet?

    2. Short of calling the authorities, why hasn't the company fired the guy? He cooked the books, opened them up for serious SOX compliance liability and lawsuits, and their answer is basically demote him and make him miserable so he'll quit? That sounds kinda like not having the balls to dump your girlfriend so you piss her off enough to dump you.

  • (cs)

    Sounds like he really threw this guy under the bus. I think the real WTF is that the poster seems to take so much joy in it.

  • Dazed (unregistered) in reply to Schnapple
    Schnapple:
    1. It sounds like this guy literally broke the law using a code exploit. Why hasn't anyone called the authorities yet?
    Only guessing here (the OP may or may not wish to comment) but it could be he was fiddling internal bookings to make his department/project look good, but which didn't have any effect on the company's results as a whole. In which case it would have been against company rules but not actually illegal (probably).
  • Matt (unregistered)

    I hope this was all documented in source control. The diffs would be quite amusing:

    Changelog:

    REMOVED LINE 69: sinister_module::cook(&books);

    ADDED LINE 69: // sinister_module::cook(&books); // Change requested by B.A.

  • (cs) in reply to Dazed
    Dazed:
    Schnapple:
    1. It sounds like this guy literally broke the law using a code exploit. Why hasn't anyone called the authorities yet?
    Only guessing here (the OP may or may not wish to comment) but it could be he was fiddling internal bookings to make his department/project look good, but which didn't have any effect on the company's results as a whole. In which case it would have been against company rules but not actually illegal (probably).
    Bingo! And to a prior poster, yes, they tried to make him so miserable that he would quit (I didn't know this at the time this started, but apparently this guy was highly recommended by someone very high up, and so was hired and given way more authority than he should have been given without having to have actually earned it. As such, stepping, Ok, stomping on his toes would normally be a career killer but he stepped in it so deep before he came to me that there was no way I was going to bend the rules in the slightest to cover for him).

    Yes, this is (still) happening as we speak...

    There's way more to this story, but I won't be able to post for a couple of months.

    Stay tuned...

  • (cs) in reply to Matt
    Matt:
    I hope this was all documented in source control. The diffs would be quite amusing:

    Changelog:

    REMOVED LINE 69: sinister_module::cook(&books);

    ADDED LINE 69: // sinister_module::cook(&books); // Change requested by B.A.

    For the record, it wasn't that there was some code that had to be deleted...

    As with most systems, there is an administrative module that is used to correct internal-state when something goes horribly wrong (unexpected input due to bad data from another system, etc). This pretty much allowed you to bypass the validation code in order to make corrections requested by the financial users. Of course, everything was logged, recorded and reported periodically. Only trusted support folks were given access to this module.

    The problem was that this guy was given access to this module (he really shouldn't have been) and he started using it to change legitimate records (which he had no business doing). There was a clear audit trail. The net totals were the same but he was shifting assets between accounts to make the records look more balanced - he didn't actually take anything - that's why nobody noticed.

    Once he opened his mouth (after about 4 weeks of doing this), they asked us to produce the logs, which clearly showed where the changes were being made, and by whom.

    The fix basically added a new permission code to allow someone to read everyone's books, but not change them, and then just check for it in the code. This guy was reduced from RW-all to R-all.

    As stated previously, there's more to this, but I can't post at this time...

  • wtf? (unregistered)

    ... why is this funny? I wouldn't do that do a colleague.

    The submitter is a rat ... and he takes pleasure on it.

    You are the equivalent of a teacher's pet.

  • wtf? (unregistered)

    ... why is this funny? I wouldn't do that do a colleague.

    The submitter is a rat ... and he takes pleasure on it.

    You are the equivalent of a teacher's pet.

  • Schnapple (unregistered) in reply to wtf?
    wtf?:
    ... why is this funny? I wouldn't do that do a colleague.

    The submitter is a rat ... and he takes pleasure on it.

    You are the equivalent of a teacher's pet.

    OK, I shouldn't respond to an obvious troll but... you're saying you're willing to get fired because a colleague asked you to break the rules of your job?

  • ChiefCrazyTalk (unregistered) in reply to Joe
    Joe:
    ChiefCrazyTalk:
    At my former company, BAs (including myself) were responsible for technical support and answering calls from (internal) users about "Why can't I log into the app" etc. That's why I left.

    Sorry, but despite what they called you, you were not a BA.

    For the rest of you, here's a definition from wikipedia:

    "A business analyst works as a liaison among stakeholders in order to elicit, analyze, communicate and validate requirements for changes to business processes, policies and information systems. The business analyst understands business problems and opportunities in the context of the requirements and recommends solutions that enable the organization to achieve its goals."

    It's actually pretty good work if you enjoy process engineering. Management tends to give BAs significant power to change things (great if you hate beauracracy) and the pay is nothing to laugh at. A BA can make very good money depending on the scope of what he oversees. In fact, for us geeks, you can even land a role whereby part of what you do would fall into the BA domain. Unlike being a code monkey, combining your IT skills with business skills as a highly technical BA is outsource-proof and will make you popular with the gold diggers.

    Funny, thats pretty much what my job description said. The reality was quite different.

  • (cs) in reply to Dazed
    Dazed:
    Senior member of staff found himself pursuing other opportunities earlier than foreseen.
    Do I know you? Do or did you work in downtown Dallas? My place of employment is well known for announcing that someone has "left to pursue other opportunities" to indicate they have been canned. I've not heard it used anywhere else.
  • (cs) in reply to snoofle
    snoofle:
    ...apparently this guy was highly recommended by someone very high up... Yes, this is (still) happening as we speak... There's way more to this story, but I won't be able to post for a couple of months.

    Stay tuned...

    As I said above, you might want to freshen up that Monster.com resume. There's no knowing who, with how much power, had a hand in this pot. When top management is playing dirty, whistle-blowers are not seen as an asset to the company.

  • Dazed (unregistered) in reply to FredSaw
    FredSaw:
    Dazed:
    Senior member of staff found himself pursuing other opportunities earlier than foreseen.
    Do I know you? Do or did you work in downtown Dallas? My place of employment is well known for announcing that someone has "left to pursue other opportunities" to indicate they have been canned. I've not heard it used anywhere else.

    No, never worked anywhere near there. I thought that cynical phrase was fairly well known here, which is why I used it. (I can't recall the exact words that were actually used to describe his departure.)

  • sweavo (unregistered) in reply to gabba
    gabba:
    Quite entertaining. One question: what's a business analyst? Well, ok, two questions: why is it funny to rat him out?

    Because he asked you to be an accessory to fraud?

  • (cs) in reply to FredSaw
    FredSaw:
    snoofle:
    ...apparently this guy was highly recommended by someone very high up... Yes, this is (still) happening as we speak... There's way more to this story, but I won't be able to post for a couple of months.

    Stay tuned...

    As I said above, you might want to freshen up that Monster.com resume. There's no knowing who, with how much power, had a hand in this pot. When top management is playing dirty, whistle-blowers are not seen as an asset to the company.
    This guy blew the whistle on himself. That notwithstanding, it hit the fan, big time; it went all the way up; it turns out that this was just the tip of the iceberg. I've already hit the streets looking, for those reasons, and a few more which I can't yet post.

  • Man 987876980 (unregistered) in reply to snoofle
    snoofle:
    I've already hit the streets looking, for those reasons, and a few more which I can't yet post.
    Did he touch your special place?
  • (cs) in reply to akatherder
    akatherder:
    The one solid conclusion I have come to about a BA's responsibilities is that they are completely different at every company.

    Correct. The IIBA (International Institute of Business Analysis) agrees that responsibilities vary A LOT. That's why it would be possible in some companies for BAs to do book-cooking activities by themselves, but would need a collaborator in other organisations. I've only worked in one place (as a BA - not counting developer roles where I also had BA responsibilities) where I'd be able to do it myself.

    I agree with another poster, finding a developer role that includes some BA responsibilities is a great way to future-proof/offshore-proof your career. In my case it was how I made the jump into full-time BA roles, but it works for people who want to keep the programming side of their job too.

  • Oofy Prosser (unregistered)

    The OP paints a perfect picture of constructive dismissal. Better hope the soon-to-be-ex-BA's law firm doesn't find this post, for they will have a field day with it.

  • Trepan (unregistered) in reply to Oofy Prosser

    The only part I think was really 'bad' was the comments the OP made on the change request. To refuse to deviate from the procedure at work is good on him/her.

    The only thing I don't understand is why user permissions are stored in CM? Do they really change that infrequently? Where I work, none of that stuff is even stored anywhere unless we do it as a worst case scenario, emergency backup for the production systems. But of course, our systems are for something very different than OPs.

    Typically though, asking a developer to deviate from CM is like asking a religious person to ignore their commandments.

Leave a comment on “A Business Analyst's Views on QA”

Log In or post as a guest

Replying to comment #:

« Return to Article