Presentation before 'exec' Pirmasens 20070921
- Where is the audit? To answer this, consider what the audit is. By way of a quick and informal illustration, it results in an opinion such as:
- Management
- puts in place procedures and policies
- that meets the criteria.
- And, the procedures and policies are followed.
- What are these policies and procedures? These are documents that you have to write; policies that you have to create and get approved.
- The board has approved these critical policies:
NRP D A L (Editor's note: that doc since withdrawn, replaced by RDL)
CAcertCommunityAgreement (was Registered User Agreement)
Principles (approved in Principle)
These are big changes, they must be understood and dealt with by all senior people. All Officers will have to:
- understand them
- explain them
- find the other people in their area and make sure that they understand them
- All Assurers will be trained and tested on these policies.
- Audit over the systems is still blocked by the systems not being migrated (and more precisely not under dual control).
The Board asserted that the board had as of this week gained control over all assets and was "in control." m20070919.1 Any residual oversight as asserted by Audit around December 2006 is now terminated, and the board is fully responsible for CAcert Inc. This means that the "no deals" restriction imposed by Audit is fully lifted.
R/L/O has now been documented in policy form (above). CAcert Inc and users may now approach partners with discussions on root lists and so forth. This also means that PublicRelationsOfficer may now be more proactive.
Board considered and approved a Proposal for Audit Funding. Note that the original proposal for funding was removed and replaced by actual agreements. See also m20070919.5