IT AUDIT - Data Management Systems
IT Auditing & Assurance, 2e, Hall & Singleton
Chapter 3: Data Management Systems
DATA-FLAT FILES
e.g., Figure 3.1 [p.94]
Disadvantages:
Data storage
Data updating
Currency of information
Task-data dependency (limited access)
Data integration (limited inclusion)
Do not use accounting data to support decisions
Manipulate existing data to suit unique needs
Obtain additional private sets of data, incurring costs and operational problems
DATA-DATABASE
e.g., Figure 3.2 [p.96]
How database approach eliminates the five disadvantages of flat files:
Data storage
Data updates
Currency of information
Task-data dependency (limited access)
Data integration (limited inclusion)
CENTRALIZED DATABASE SYSTEM
Figure 3.3 [p.98]
Database Environment
DBMS
Users
Database administrator
Physical database
DBMS
Typical features
Program development
Backup and recovery
Database usage reporting
Database access
DBMS
Data definition language (DDL)
Views Figure 3.4 [p.99]
Internal / physical view
Conceptual / logical view
External / user view
USERS
Formal access: application interfaces
Data manipulation language (DML)
DBMS operations: 7 steps [Figure 3.4]
Informal access: query
Define query
SQL is industry de facto standard query language
Select, from, where commands
Review Figure 3.5 [p.101] – SQL process
QBE
DBA
DBA manages the database resources
Table 3.1 [p.102]
Database planning
Database design
Database implementation
Database operations & maintenance
Change & growth
Data dictionary
Interactions [Figure 3-6, p.103]
PHYSICAL DATABASE
Data structures
Data organization
Sequential
Random
Data access methods
Data hierarchy
Attribute/field
Record
Associations
File
Database
Enterprise database
DATABASE MODELS
Hierarchical
Network
Relational
RELATIONAL MODEL: 2-dimensional
RELATIONAL MODEL - TERMS
TABLE = file
COLUMN = field
ROW = record
RULE #1
Entries in the table cells MUST be single-valued
Cannot be null
Cannot be multi-valued
Example
RULE #2
“Consistency” applies to columnar values – same class
RULE #3
Column names are distinct
Example: “cost” for sales price and unit cost columns
RULE #4
Each row contains distinctively different data from all other rows
Requires use of “key field(s)”
Figure 3-13, p. 112
RELATIONAL MODEL
DATABASE IN DDP
Data concurrency problem
Deadlock (illustrated in Figure 3-17, p. 118)
Time 1: User 1 loads File A, User 2 loads File C, User 3 loads File E
Time 2: User 1 locks File A, User 2 locks File C, User 3 locks File E
Time 3: User 1 tries to load File C … “wait”; User 2 tries to load File E … “wait”; User 3 tries to load File A … “wait”
DEADLOCK!!
Deadlock Resolution
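Added example (not from the slides or the textbook): the Time 1 to Time 3 sequence above replayed as lock-manager events in Python, building a wait-for graph and finding the cycle that makes it a deadlock. The event format, the function names, the one-outstanding-request-per-user simplification and the least-work victim policy are assumptions made for illustration.

```python
# Constructed sample: the three-user timeline from the slide as lock events.
EVENTS = [
    ("lock", "User 1", "File A"),
    ("lock", "User 2", "File C"),
    ("lock", "User 3", "File E"),
    ("request", "User 1", "File C"),
    ("request", "User 2", "File E"),
    ("request", "User 3", "File A"),
]


def build_wait_for(events):
    """Replay events; return {waiting_user: user_holding_the_requested_file}."""
    holder = {}  # file -> user holding the exclusive lock
    waits = {}   # user -> user it is blocked behind (one request per user assumed)
    for action, user, resource in events:
        if action == "lock":
            holder[resource] = user
        elif action == "request":
            owner = holder.get(resource)
            if owner is None:
                holder[resource] = user   # free file: grant immediately
            elif owner != user:
                waits[user] = owner       # blocked: add a wait-for edge
    return waits


def find_deadlock(waits):
    """Return the users forming a wait-for cycle, or [] if there is none."""
    for start in waits:
        path = []
        node = start
        while node in waits and node not in path:
            path.append(node)
            node = waits[node]
        if node in path:                  # walked back onto the path: a cycle
            return path[path.index(node):]
    return []


def pick_victim(cycle, work_done):
    """Assumed resolution policy: abort the transaction with the least work done."""
    return min(cycle, key=lambda user: work_done[user])


if __name__ == "__main__":
    cycle = find_deadlock(build_wait_for(EVENTS))
    print("deadlock cycle:", cycle)
    # work_done values are constructed for the demonstration
    print("victim:", pick_victim(cycle, {"User 1": 40, "User 2": 5, "User 3": 12}))
```

Removing the last request (User 3 asking for File A) leaves a chain of waits with no cycle, which is ordinary blocking rather than deadlock.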
DATABASE IN DDP
Distributed database
Partitioned
Replicated
Concurrency control
Classified
Time-stamps
CONTROLLING & AUDITING DBMS
Access controls
User views / subschema [see Figure 3-20, p.121]
Database authorization table [Table 3-3, p.122]
User-defined procedures
Mother’s maiden name
Data encryption
Biometric devices
Inference controls (query)
example (p. 123)
CONTROLLING & AUDITING DBMS: Audit Procedures
Tables and subschemas
Review policy and job descriptions
Examine programmer authority tables for access to DDL
Interview programmers and DBA
Appropriate access authority
Biometric controls
Inference controls
Encryption controls
OBJECTIVE: Verify that database access authority and privileges are granted to users in accordance with legitimate needs.
CONTROLLING & AUDITING DBMS: Audit Procedures
Backups
Logs
Checkpoint
Recovery module
OBJECTIVE: Verify that backup controls in place are effective in protecting data files from physical damage, loss, accidental erasure, and data corruption through system failures and program errors.
CONTROLLING & AUDITING DBMS: Audit Procedures
OBJECTIVE: Verify that controls over the data resource are sufficient to preserve the integrity and physical security of the database.