Month: August 2008

How to write IT Procedure for Audit.

This is an unusual post for me, today I will not talk about C#, or about Design Patterns or about SQL but about IT audit.

In the past I have worked in a couple of banks in Switzerland and as a consultant. Now I’m working as an IT Manager in a finance company in Bermuda. One of the most non valued and non considered process in the IT departments are the procedures and technical manuals.
But not for me.
In my opinion one of the most important thing in a well maintained system is to keep live and up to date the procedures and the technical manuals. In this way in case of failure, in case of modify and in case of audit, the IT department will be ready to fly!!

Unfortunately Google doesn’t give us a lot of suggestions and examples, so I want to share with you my knowledge.

What’s an IT procedure?

An IT procedure is a document, manual that explain a process or a system in a well knows format, readable also by non-IT people. The document must contains some critical information that I will classify today for you.

Please don’t create IT procedure with 10 thousand different font and colors, because it’s an official technical document and non a graphic challenge!!

Main Structure.

Starting by the name, the document must represent what you are talking for. For example, if the document represent a backup procedure, the correct name syntax should be [PIT] [number] [procedure], where PIT means Procedure Information Technology, the number is a unique GUID assigned to the document, and the name in our example should be Backup procedure.

After the cover we should add the approval section. This section must be signed to give to the document a real mean.


After the approval we have to add the Table of Content and to accomplish this step, if you’re using word, you can simply add a table of content object and use the Header 123456 to represent the various section of your manual.

The various sections.

Every section of the document should represent a particular information. You don’t have to create a section for every step of the procedure, that part is the process section … Let’s see what I’m talking about.

Principal section [procedure name].

In this section you should explain the process you are going to document and add some extra sub section like: objective, description, scope, priority …

Authorization and roles.

In this section you should explain who is involved in the process, which are the responsibilities and so on. Sub section are: authorization, roles (brief description), people involved in the manual.


This is the detailed section of the previous one. For every roles present in the procedure you have to create a subsection that explain in details the role, the scope of the role and the people who take part in the role.


This section explains in details the process. I cannot make an example because for every process there different steps, but let’s try to imagine a backup procedure, the subsection could be: backup process, verify process and restore process.

Don’t forget to add a schematic flow that describe the process in all its content. Should be a diagram, a work flow or whatever you consider right.

Request forms.

If the process contains one or more forms, here is the place where you have to add a small screen shot of these forms, for every form you should create a subsection that describe the form instead.

Key contacts.

The key contacts is often the final section of an IT procedure. Here you have to add all the people involved in the document and in the process, why you should contact one of them, the exact role described previously in the document and so on …

External links.

I suggest some articles (my blog is not a bible for nobody) that can help you.

How to write an audit approach

How to write procedure to increase control

How to write a standard operating procedure (IT specific)

Compliance books (ASAP my personal one)

Hope this will be helpful for someone. And enjoy your audit!!

Bermuda relocation, fake expectations?

I want to post something about what you’re heard about Bermuda and a balance of wrong and true.

Bermuda is a bad move for your career?

Bermuda it used to be a halfway house on the road to professional oblivion for expat business types who were either tipsy or incompetent or both, but not any more. You can find very professional people in Accounting, IT and Financial area.

Everything is expensive?

Actually, also if we compare Bermuda to Europe after the Euro, Bermuda is merely expensive. A month rent for an house could be from 2000 to 20000 this is true, but with a salary of 6000 you can live good and save something, and the lowest rate salary here is 65000 USD annual.

Bermuda has racial problem?

First of all, is there any place without racial problem, come on!!
There are differences of opinion from race to race, this is true, and the black point of you is a little bit more expressed here. Nobody is disadvantaged economically and educationally or in access to complete healthcare.

Expact are third class citizens?

It could be for something, but not for your career. You can join financial companies here where all the management team is not Bermudans and also you can find good landlord that accept only expat people.
In another way you can find some places where if you aren’t Bermudans, you have to wait to be served.

Is Bermuda suitable for Gay?

Definitively I can say NO! I’m married and I’m getting in touch with a lot of local and expat people, but if I have to be honest, Gay here are not considered.
Homosexual behavior here was illegal until 10 years ago, yeah I’m saying illegal, so you can imagine how is the local culture about Gays.

What about the hurricane?

I came from Europe, Italy, and definitively we don’t have any Hurricane, Cyclone or stuff like that. Bermuda’s people for century have built houses and offices as if they were under constant cannon ball. The most hard was Fabian in 2004 and 4 people were killed, but Bertha this here has passed with a power of 1 and nothing has changed. I can say that here is more pretty safe and organized than in U.S.A. about hurricane.

Guys this is what I can say about my 4 months experience in this Island.
If want to ask me something more (I’m not an expert) contact me, maybe I can suggest you. 

Upgrade to SubText V 2.0.

This guide is made for who already has SubText installed and wants to upgrade to the latest release, the V 2.0.


First of all, starting from the version 1.9 subtext requires the ASP.NET 2.0 so be sure that your web server, or your hosting provider can give you the way to change the ASP.NET framework in IIS control panel.

You need a version of SQL Server.

Your blog user that access the Database MUST have temporally DBO permission in order to apply some changes to the Database.

First step, backup and upgrade new application.

First of all I suggest to you to backup your existing web site (SubText blog) and save the package locally in your computer or in a separate folder in your web site. In this way it should be very useful to rollback in case of failure.

Second step you should download from SubText web site the Version 2.0.

For a faster installation you should create into the wwwroot of your web server a new folder called subtext V 2.0 or something else and then redirect your domain to the new folder.

This is my situation on WH4L (Web Host for Life) web server:

New Picture

I have the wwwroot folder with two subtext package inside, the version 1.9.5 working and the new installation.

If your installation is an upgrade, download the appropriate package and delete the database file contained into the App_Data folder of the new package.

Merge Information.

Before start I suggest to verify everything like:

  1. Check your Host Admin panel located at http://yourblog.something/hostadmin and be sure to access in, otherwise you can run this query to reset your host admin password.
  2. Merge into the new web.config file the information from the old web.config of the previous configuration. Usually you should change information like: Database connection string, e-mail setting, Lightbox configuration and other third party configurations added previously to your blog. You can run a program like WinMerge very useful in this case. 
  3. Copy all the files you have customized into the new package. This include your image folder, it contains all the images of your old posts. Your video, example, personalized skin and other files you added after the installation of your previous package.

Upgrade the blog.

Now it’s time to go to your host panel and point the domain to the new folder. After do that it should be very easy to rollback to the previous version in case of failure.

If everything it’s done well, you should see this page:

if you are not logged in as an Administrator this is the page your users will see until you will finish the Upgrade process.


This is the page you will see if you are logged in as an administrator:


Issues with Web Host for Life.

My web host for life doesn’t recognize this tag in the web.config of the new package

    <add key=”.mp3″ value=”audio/mpeg”/>
    <add key=”.mp4″ value=”video/mp4″/>
    <add key=”.zip” value=”application/octetstream”/>
    <add key=”.pdf” value=”application/octetstream”/>
    <add key=”.wmv” value=”video/wmv”/>
    <add key=”.wma” value=”audio/wma”/>

Actually I have commented this section, I will let you know what to do.

Please Simone tell me what to do here. Thanks.

Beginning ASP.NET MVC, by Simone Chiaretta.

My friend Simone Chiaretta is writing his first book about Beginning ASP.NET MVC in collaboration with Keyvan.

The book will be targeted to the developers that are not really focused on the MVC framework. This framework is new in Microsoft and it is still in a Beta version but personally, I’m using it and I have used this framework for two web project and it’s awesome!!

You can find a detailed series of articles about ASP.NET MVC, written by Simone on DotNetSlackers. I suggest to everybody to read them.

If you wanna read more details about the book, the Publishing date and related stuff, you can go directly to Simone weblog and read his post about, or go to Keyvan weblog and read his post about.


SubText blog engine, version 2.0 is out.

SubText is an open source Blog engine written with the Microsoft NET framework. Actually my English blog and also my italian blog are working with this blog engine.

After one year is out the new version, 2.0.

You can find the download here.


Simone Chiaretta a good friend of mine is one of the Developer contributor of this project, and he has released a series of posts about the new future in his blog:

  1. Publish in the future
  2. JS and CSS performance optimization
  3. Enclosures

If there is someone like me that are still using subtext in the version 1.9.5 or less, you can find here a detailed article about the upgrade procedure.

Enjoy SubText.

Microsoft Visual Studio and NET 3.5 Service pack.

Yesterday Microsoft has published, for all the Microsoft MSDN subscriber, the new service packs for Visual Studio 2008 and NET framework 3.5.

The service pack for Visual Studio 2008 is here.

The service pack for NET 3.5 is here.

Additional Notes.

I have installed first the Service Pack for the NET 3.5 that is not really heavy. After the installation I have rebooted my computer and everything was still working.

The I have installed the approximate 893 Mbyte of VS08 SP1 that it’s really heavy. All the project continue to work.

I want also to put in evidence, for all the people that are working with WPF and/or Silverlight and/or MVC; everything will continue to compile after this update, don’t worry.

Enjoy the Download!!