Configuring TURNOVER for Your Auditing Needs

Lesson Objectives

By the end of this lesson, you will be able to:

  • Understand how TURNOVER® for iSeries (now Lifecycle Manager) supports auditing requirements through traceable change management.
  • Implement key features like forms, reports, approvals, and archiving to ensure compliance with regulations such as Sarbanes-Oxley (SOX) or HIPAA.
  • Track a software change through its lifecycle using TURNOVER® tools, from request to deployment.
  • Configure settings for enhanced auditing, including mandatory approvals, source archiving, and report generation.
  • Identify best practices for using TURNOVER® in audited environments to demonstrate internal controls.

This summary condenses the 7-page supplement (v101, September 2018) into modules for IT administrators and auditors. It emphasizes configuration for traceability in IBM i change management. As of October 24, 2025, the product is TURNOVER® Lifecycle Manager (Release 2.100+), and while core auditing features persist, verify with current docs for enhancements like improved workflow enforcement or integrations.

Key Concepts

  • Auditing Context: Regulations require internal controls for software changes; TURNOVER® provides traceability from request to deployment.
  • Configuration Importance: Default installation isn't audit-ready; customize forms, approvals, and reports for compliance.
  • Lifecycle Tracking: Changes start with helpdesk requests, move through projects/tasks/worklists/forms, and end with audits via reports/history.
  • Key Features: Mandatory approvals, source/object archiving, error checks, and reports for evidence.
  • Prerequisites: TURNOVER® v101+ installed; familiarity with User Guide; cross-reference tools (e.g., Hawkeye) for dependencies.

Module 1: Introduction to Auditing with TURNOVER®

Why Use TURNOVER® for Audits?

  • Meets "best practices" for configuration management in regulated environments (e.g., SOX, HIPAA).
  • Ensures all changes are traceable: From initial request to final object deployment.
  • Out-of-box use insufficient; configure for controls like segregation of duties.

Software Lifecycle Overview

  • Request Entry: Use Helpdesk (Option 8) for problems/requests; link to projects/tasks.
  • Analysis/Assignment: Escalate, assign to programmers.
  • Development: Checkout/edit/compile via PWM.
  • Promotion: Forms automate moves with approvals/checks.
  • Deployment/Audit: Distribute, archive, report for verification.

Module 2: Key Features for Auditing

Forms and Approvals

  • Forms document changes: Include comments, pre/post commands, locks.
  • Mandate Approvals: Set in app definitions (e.g., require manager OK before production).
  • Error Checks: Interactive/batch to prevent issues; log for audits.

Archiving and History

  • Archive Sources/Objects: Enable in global defaults; store in ARCHIVESRC lib.
  • Object History (Option 4): View changes, who/when; essential for audits.

Reports (Option 10)

Use reports to prove controls:

Report TypePurposeKey Fields
Form StatusTrack form progress/approvalsForm number, status, approvers
Project SummaryLink changes to projects/tasksProject code, task details, hours
Object HistoryAudit trail of modificationsObject name, dates, users
Checkout ActivityMonitor reservationsUser, date, conflicts
  • Customize: Filter by date/range for auditor requests.

Security and Controls

  • User Classes: Restrict roles (e.g., programmers can't approve own forms).
  • Emergency Changes: Use dedicated app (Supplement #24) with logging.
  • Distributions: Audit remote sends via form logs.

Module 3: Implementing Auditing Configurations

Step-by-Step Setup

  1. Global Defaults: TURNOVER 1 > F22 > Utilities > Global Defaults > Enable archiving, approvals.
  2. App Definitions: Set levels with mandatory checks; define emergency apps.
  3. Helpdesk/Projects: Require linking all changes to traceable requests.
  4. PWM/Forms: Enforce sequencing, comments; use Option 48 for approvals.
  5. Testing: Simulate changes; generate reports to verify traceability.

Best Practices

  • Segregate Duties: Developers code, separate roles approve/promote.
  • Regular Audits: Schedule history/report reviews.
  • Training: Ensure users document changes thoroughly.

Assessment and Next Steps

  • Quiz Ideas: How does TURNOVER® ensure traceability? Key reports for SOX compliance? Steps to mandate approvals?
  • Practice: Configure an app with archiving/approvals; run a test change and generate audit reports.
  • Further Learning: User Guide (v101) for menus; Administrator’s Guide (Release 2.100) for advanced config; Supplements #14 (Change Process), #24 (Emergencies). Contact UNICOM support (tech.support@unicomsi.com or +1-603-924-8818) for 2025 updates or compliance templates.

Resources

Resource 1

 Download
Open
Done?
 Mark lesson complete
Previous Lesson
Next Lesson
{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}
>