IT AUDIT - Data Management Systems
-
Upload
saxworship -
Category
Documents
-
view
321 -
download
0
description
Transcript of IT AUDIT - Data Management Systems
IT Auditing & Assurance, 2e, Hall & Singleton
Chapter 3:Data Management Systems
IT Auditing & Assurance, 2e, Hall & Singleton
DATA-FLAT FILES e.g., Figure 3.1 [p.94]
Disadvantages Data storage Data updating Currency of information Task-data dependency (limited access) Data integration (limited inclusion)
Do not use accounting data to support decisions
Manipulate existing data to suit unique needs Obtain additional private sets of data,
incurring costs and operational problems
IT Auditing & Assurance, 2e, Hall & Singleton
DATA-DATABASE
e.g., Figure 3.2 [p.96]
How database approach eliminates the five disadvantages of flat files Data storage Data updates Currency of information Task-data dependency (limited
access) Data integration (limited inclusion)
IT Auditing & Assurance, 2e, Hall & Singleton
CENTRALIZED DATABASE SYSTEM
Figure 3.3 [p.98]
Database Environment DBMS Users Database administrator Physical database
IT Auditing & Assurance, 2e, Hall & Singleton
DBMS
Typical features
Program development
Backup and recovery
Database usage reporting
Database access
IT Auditing & Assurance, 2e, Hall & Singleton
DBMS
Data definition language (DDL)
Views Figure 3.4 [p.99]
Internal / physical view
Conceptual / logical view
External / user view
IT Auditing & Assurance, 2e, Hall & Singleton
USERS Formal access: application interfaces Data manipulation language (DML) DBMS operations: 7 steps [Figure 3.4]
Informal access: query
Define query
SQL is industry de facto standard query language Select, from, where commands Review Figure 3.5 [p.101] – SQL process
QBE
IT Auditing & Assurance, 2e, Hall & Singleton
DBA
DBA Manages the database resources
Table 3.1 [p.102]
Database planning Database design Database implementation Database operations & maintenance Change & growth
Data dictionary Interactions [Figure 3-6, p.103]
IT Auditing & Assurance, 2e, Hall & Singleton
PHYSICAL DATABASE
Data structures Data organization
Sequential Random
Data access methods Data hierarchy
Attribute/field Record
Associations File Database Enterprise database
IT Auditing & Assurance, 2e, Hall & Singleton
DATABASE MODELS
Hierarchical
Network
Relational
IT Auditing & Assurance, 2e, Hall & Singleton
RELATIONAL MODEL: 2-dimensional
IT Auditing & Assurance, 2e, Hall & Singleton
RELATIONAL MODEL - TERMS
TABLE = file
COLUMN = field
ROW = record
IT Auditing & Assurance, 2e, Hall & Singleton
RULE #1
Entries in the table cells MUST be single-valued
Cannot be null Cannot be multi-values Example
IT Auditing & Assurance, 2e, Hall & Singleton
RULE #2
“Consistency” applies to columnar values – same class
IT Auditing & Assurance, 2e, Hall & Singleton
RULE #3
Column names are distinct
Example “cost” for sales price and unit cost columns
IT Auditing & Assurance, 2e, Hall & Singleton
RULE #4
Each row contains distinctively different data from all other rows
Requires use of “key field(s)”
IT Auditing & Assurance, 2e, Hall & Singleton
Figure 3-13, p. 112
RELATIONAL MODEL
IT Auditing & Assurance, 2e, Hall & Singleton
DATABASE IN DDP Data concurrency problem
Deadlock (illustrated in Figure 3-17, p. 118)
Time 1: User 1 loads File A, User 2 loads File C User 3 loads File E
Time 2: User 1 locks File A, User 2 locks File C, User 3 locks File E
Time 3: User 1 tries to load File C … “wait”User 2 tries to load File E … “wait”Use 3 tries to load File A … “wait”
DEADLOCK!!
Deadlock Resolution
IT Auditing & Assurance, 2e, Hall & Singleton
DATABASE IN DDP
Distributed database Partitioned Replicated
Concurrency control Classified Time-stamps
IT Auditing & Assurance, 2e, Hall & Singleton
CONTROLLING & AUDITING DBMS
Access controls User views / subschema [see Figure 3-20,
p.121] Database authorization table [Table 3-3,
p.122] User-defined procedures
Mother’s maiden name Data encryption Biometric devices Inference controls (query)
example (p. 123)
IT Auditing & Assurance, 2e, Hall & Singleton
CONTROLLING & AUDITING DBMS:Audit Procedures
Tables and subschemas Review policy and job descriptions Examine programmer authority tables for access to
DDL Interview programmers and DBA
Appropriate access authority Biometric controls Inference controls Encryption controls
OBJECTIVE: Verify that database access authority and privileges are granted to users in accordance with legitimate needs.
IT Auditing & Assurance, 2e, Hall & Singleton
CONTROLLING & AUDITING DBMS:Audit Procedures
Backups
Logs
Checkpoint
Recovery module
OBJECTIVE: Verify that backup controls in place are effective in protecting data files from physical damage, loss, accidental erasure, and data corruption through system failures and program errors.
IT Auditing & Assurance, 2e, Hall & Singleton
CONTROLLING & AUDITING DBMS:Audit Procedures
OBJECTIVE: Verify that controls over the data resource are sufficient to preserve the integrity and physical security of the database.
IT Auditing & Assurance, 2e, Hall & Singleton
Chapter 3:Data Management Systems