System owners _and_amp; developers responsibility.. 416



  • Our programming dept only has 2 programmers. I have heard that we HAVE to not only designate a specific programmer to each system on our iSeries, but also a system owner to Authorize changes.
    Since there are only 2 of us, we both know each system well and never really get assigned a project because of the system it is in. Also, our controller has always been the one to pass down request for changes, therefore would it be correct to name him as the Owner of everything?
    Is this true?
    –angi



  • This post is deleted!


  • This post is deleted!


  • This post is deleted!


  • It sounds like you may have some separation of duty issues in IT.
    You should also have a business person as the system owner who not is approving changes but also access to the system. The controller or accountant is a good person for the Financials but there are other areas like purchasing and HR that need to be considered too. You don’t want the same person approving/having access to purchasing and accounts payable.



  • What you want to have is a IT general control like change mangement. And this for finanically significant applications. This indicates, that this doesn’t necessarily affect all of your systems. And this also doesn’t requries a permanent assignment of programmers to one specific system.
    From my point of view belongs any financial application to a business department e.g. SAP FI to the accounting department. They initiate any change to the application. They have to define the rationale for the change, maybe spend the budget and finally do the user acceptence test and agree on the change made.
    The IT dept. has to carry out the programming and after the uat the move into the production environment.
    In addition you will have applications which entirely belong to the IT dept. in terms of ownership. It would make sense to apply the same mechanism also to this applications.
    And of course you need key controls in this process… :lol:



  • Apologies if my previous post was confusing - I found I was missing an ‘only’ in there - what I meant to say was the same as holger - that the system owner should not ONLY approve the changes but also be responsible for the access, testing, etc.


Log in to reply