In our project a user is doing admin job of BPC as well.He is the sole user.Now auditor has objected to him maintaining the server and being user at same time. I am giving production support to BPC . Now I am supposed to make sox document and make a list of task which he should not do. Security/access is being maintained by me. Can some one give me some ideas or direction on this issue please ?