Posted - 2007.07.03 03:43:00 - [452
Among Eve's 200,000 or so active player base, isn't it reasonable to assume that there exist at lease a dozen people who are real-life experts on information security or corporate governance, familiar with Serbanes-Oxley, BS7799, database management, or any other skills and knowledge needed to audit CCP properly?
Sure, there is the problem of CCP being given advance warnings of such audits, but even then it is very hard to conceal irregularities from eyes that know where and what to look for. I have myself received training in information security auditing, and I could infer from published information that CCP needs to look into vetting and authorization of its in-game volunteers and GMs. I can't make recommendations without running a proper audit, but some form of monitoring by customers is a desirable step, as it gives staff and volunteers greater awareness.
One popular misconception about audits is that most people see audits as some form of inquisition, designed to hunt down misdeeds. In fact, audits are designed to review and improve the corporate mechanisms for preventing misdeeds and mitigating their effects. The misconception probably arose because only occasions when auditors appear on media are during major corporate scandals, when their whistleblowing (or failure to do so) becomes the news.