IT AUDIT - Data Management Systems

IT Auditing & Assurance, 2e, Hall & Singleton Chapter 3: Data Management Systems

Page 1: IT AUDIT - Data Management Systems

Chapter 3: Data Management Systems

Page 2: IT AUDIT - Data Management Systems

DATA-FLAT FILES e.g., Figure 3.1 [p.94]

Disadvantages

Data storage

Data updating

Currency of information

Task-data dependency (limited access)

Data integration (limited inclusion)

Do not use accounting data to support decisions

Manipulate existing data to suit unique needs

Obtain additional private sets of data, incurring costs and operational problems

Page 3: IT AUDIT - Data Management Systems

DATA-DATABASE

e.g., Figure 3.2 [p.96]

How database approach eliminates the five disadvantages of flat files

Data storage

Data updates

Currency of information

Task-data dependency (limited access)

Data integration (limited inclusion)

Page 4: IT AUDIT - Data Management Systems

CENTRALIZED DATABASE SYSTEM

Figure 3.3 [p.98]

Database Environment

DBMS

Users

Database administrator

Physical database

Page 5: IT AUDIT - Data Management Systems

DBMS

Typical features

Program development

Backup and recovery

Database usage reporting

Database access

Page 6: IT AUDIT - Data Management Systems

DBMS

Data definition language (DDL)

Views Figure 3.4 [p.99]

Internal / physical view

Conceptual / logical view

External / user view

Page 7: IT AUDIT - Data Management Systems

USERS

Formal access: application interfaces

Data manipulation language (DML)

DBMS operations: 7 steps [Figure 3.4]

Informal access: query

Define query

SQL is industry de facto standard query language

Select, from, where commands

Review Figure 3.5 [p.101] – SQL process

QBE

Page 8: IT AUDIT - Data Management Systems

DBA

DBA Manages the database resources

Table 3.1 [p.102]

Database planning

Database design

Database implementation

Database operations & maintenance

Change & growth

Data dictionary

Interactions [Figure 3-6, p.103]

Page 9: IT AUDIT - Data Management Systems

PHYSICAL DATABASE

Data structures

Data organization

Sequential

Random

Data access methods

Data hierarchy

Attribute/field

Record

Associations

File

Database

Enterprise database

Page 10: IT AUDIT - Data Management Systems

DATABASE MODELS

Hierarchical

Network

Relational

Page 11: IT AUDIT - Data Management Systems

RELATIONAL MODEL: 2-dimensional

Page 12: IT AUDIT - Data Management Systems

RELATIONAL MODEL - TERMS

TABLE = file

COLUMN = field

ROW = record

Page 13: IT AUDIT - Data Management Systems

RULE #1

Entries in the table cells MUST be single-valued

Cannot be null

Cannot be multi-valued

Example

Page 14: IT AUDIT - Data Management Systems

RULE #2

“Consistency” applies to columnar values – same class

Page 15: IT AUDIT - Data Management Systems

RULE #3

Column names are distinct

Example “cost” for sales price and unit cost columns

Page 16: IT AUDIT - Data Management Systems

RULE #4

Each row contains distinctively different data from all other rows

Requires use of “key field(s)”

Page 17: IT AUDIT - Data Management Systems

Figure 3-13, p. 112

RELATIONAL MODEL

Page 18: IT AUDIT - Data Management Systems

DATABASE IN DDP

Data concurrency problem

Deadlock (illustrated in Figure 3-17, p. 118)

Time 1: User 1 loads File A, User 2 loads File C, User 3 loads File E

Time 2: User 1 locks File A, User 2 locks File C, User 3 locks File E

Time 3: User 1 tries to load File C … “wait”, User 2 tries to load File E … “wait”, User 3 tries to load File A … “wait”

DEADLOCK!!

Deadlock Resolution
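
The three-user scenario above forms a cycle in a wait-for graph, which is one way a DBMS can detect it. The Python below is an added example, not from the slides or the textbook; the one-request-per-user model, the start order and the abort-the-youngest victim policy are assumptions chosen for illustration.

```python
# Added example. Lock state is constructed from the slide's Time 2 / Time 3 rows.
HELD = {"User 1": {"File A"}, "User 2": {"File C"}, "User 3": {"File E"}}
REQUESTS = {"User 1": "File C", "User 2": "File E", "User 3": "File A"}
STARTED = {"User 1": 1, "User 2": 2, "User 3": 3}  # assumed start order


def build_wait_for(held, requests):
    """Map each blocked user to the user who holds the file it is waiting on."""
    owner = {f: user for user, files in held.items() for f in files}
    return {user: owner[f] for user, f in requests.items()
            if f in owner and owner[f] != user}


def find_cycle(wait_for):
    """Follow waits-for edges; return the users on a cycle, or [] if none."""
    for start in wait_for:
        path, node = [], start
        while node in wait_for and node not in path:
            path.append(node)
            node = wait_for[node]
        if node in path:
            return path[path.index(node):]
    return []


def resolve(held, requests, started):
    """Abort the youngest user in the cycle (assumed policy) and free its locks."""
    cycle = find_cycle(build_wait_for(held, requests))
    if not cycle:
        return None, held, requests
    victim = max(cycle, key=lambda user: started[user])
    held = {u: fs for u, fs in held.items() if u != victim}
    requests = {u: f for u, f in requests.items() if u != victim}
    return victim, held, requests


if __name__ == "__main__":
    print("cycle:", find_cycle(build_wait_for(HELD, REQUESTS)))
    victim, held, requests = resolve(HELD, REQUESTS, STARTED)
    print("victim:", victim)
    print("still deadlocked:", bool(find_cycle(build_wait_for(held, requests))))
```

Once the victim's lock on File E is released, User 2 can proceed, and User 1 follows when User 2 releases File C.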

Page 19: IT AUDIT - Data Management Systems

DATABASE IN DDP

Distributed database

Partitioned

Replicated

Concurrency control

Classified

Time-stamps

Page 20: IT AUDIT - Data Management Systems

CONTROLLING & AUDITING DBMS

Access controls

User views / subschema [see Figure 3-20, p.121]

Database authorization table [Table 3-3, p.122]

User-defined procedures

Mother’s maiden name

Data encryption

Biometric devices

Inference controls (query)

Example (p. 123)

Page 21: IT AUDIT - Data Management Systems

CONTROLLING & AUDITING DBMS: Audit Procedures

Tables and subschemas

Review policy and job descriptions

Examine programmer authority tables for access to DDL

Interview programmers and DBA

Appropriate access authority

Biometric controls

Inference controls

Encryption controls

OBJECTIVE: Verify that database access authority and privileges are granted to users in accordance with legitimate needs.
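
One way to test this objective is to reconcile the database authorization table against the privileges each job description supports, flagging DDL access held outside the DBA function. The Python below is an added example, not from the slides or the textbook; all users, roles, tables and privilege names are constructed sample data.

```python
# Added example; every user, role, table and privilege below is constructed.
APPROVED = {  # privileges each role legitimately needs, per policy and job descriptions
    "ar_clerk": {("customer", "read"), ("ar_ledger", "read"), ("ar_ledger", "insert")},
    "programmer": {("test_data", "read"), ("test_data", "insert")},
    "dba": {("*", "ddl")},  # "*" = any table
}
USER_ROLE = {"jones": "ar_clerk", "smith": "programmer", "adams": "dba"}
AUTH_TABLE = [  # (user, table, privilege) rows as exported from the authorization table
    ("jones", "customer", "read"),
    ("jones", "ar_ledger", "insert"),
    ("jones", "ar_ledger", "delete"),
    ("smith", "test_data", "read"),
    ("smith", "ar_ledger", "ddl"),
    ("adams", "ar_ledger", "ddl"),
    ("baker", "customer", "read"),
]


def permitted(role, table, priv):
    """True if the role's approved privileges cover this table/privilege pair."""
    allowed = APPROVED.get(role, set())
    return (table, priv) in allowed or ("*", priv) in allowed


def audit(auth_table, user_role):
    """Return (user, table, privilege, reason) for every grant that lacks support."""
    findings = []
    for user, table, priv in auth_table:
        role = user_role.get(user)
        if role is None:
            findings.append((user, table, priv, "no approved role on file"))
        elif not permitted(role, table, priv):
            reason = ("DDL access outside DBA function" if priv == "ddl"
                      else "exceeds job description")
            findings.append((user, table, priv, reason))
    return findings


if __name__ == "__main__":
    for finding in audit(AUTH_TABLE, USER_ROLE):
        print(finding)
```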

Page 22: IT AUDIT - Data Management Systems

CONTROLLING & AUDITING DBMS: Audit Procedures

Backups

Logs

Checkpoint

Recovery module

OBJECTIVE: Verify that backup controls in place are effective in protecting data files from physical damage, loss, accidental erasure, and data corruption through system failures and program errors.

Page 23: IT AUDIT - Data Management Systems

CONTROLLING & AUDITING DBMS: Audit Procedures

OBJECTIVE: Verify that controls over the data resource are sufficient to preserve the integrity and physical security of the database.

Page 24: IT AUDIT - Data Management Systems

Chapter 3: Data Management Systems