Documente Academic
Documente Profesional
Documente Cultură
AUDITING DATABASE
SYSTEMS
DATABASE MANAGEMENT
APPROACH
Flat-file Approach Database Approach
ADVANTAGES DISADVANTAGES
All records are stored in Less security, easy to
one place;
Easy to understand and extract information;
implement; Data redundancy;
Simple sorting and filtering
can be carried out Problem with data
Can use a standard integrity;
spreadsheet to store it;
Less hardware and software Data inconsistency
requirements ;and,
Less skills are required to
hand flat database system.
DATABASE APPROACH
ADVANTAGES DISADVANTAGES
There is no repeating Expensive;
attributes, no piece of data
should be unnecessarily Complex; and,
repeated;
In DB approach, you only Need experienced or
have to change data in one trained to staff to
table and all other
references in any other operate.
table will automatically
changed.
There is no risk of the same
attribute being stored in
dif ferent format in dif ferent
file.
KEY ELEMENTS OF DATABASE
ENVIRONMENT
DBMS Model
Database Terminology
Hierarchical Model
Network Model
DATABASE IN DISTRIBUTED
ENVIRONMENT
A. Partitioned Database
Deadlock Phenomenon
B. Replicated Database
or Duplication
Concurrency Control
A database management systems (DBMS)
concept that is used to address conflicts with
the simultaneous accessing or altering of
data that can occur with a multi -user system.
CONTROLLING AND AUDITING DATA
MANAGEMENT SYSTEMS
1. Access Control
User Views
Database Authorization
Table
User-Defined Procedures
Data Encryption
Biometric Devices
Inference Controls
Positive Compromise
Negative Compromise
Approximate Compromise
AUDIT PROCEDURES FOR TESTING
DATABASE ACCESS CONTROLS
Responsibility for Authority Tables and Subschemas. The
auditor should verify that database administration (DBA) personnel
retain exclusive responsibility for creating authority tables and
designing user views.
Appropriate Access Authority. The auditor can select a sample of
users and verify that their access privileges stored in the authority
table are consistent with their job descriptions organizational
levels.
Biometric Controls. The auditor should evaluate the costs and
benefits of biometric controls . Generally, these would be most
appropriate where highly sensitive data are accessed by a very
limited number of users.
Inference Controls. The auditor can test controls by simulating
access by a sample of users and attempting to retrieve unauthorized
data via inference queries
Encryption Controls. The auditor should verify that sensitive data,
such as passwords, are properly encrypted. Printing the file
contents to hard copy can do this.
2. Back up Control
THANK YOU