This chapter deals with auditing the systems that manage and control the organization’s

data resource. Data management can be devided into two general approach : the flat-file
model and the database model. The chapter opens with a description of flat-file data
management , which is used in many older (legacy) systems that are still in operation
today. private ownership of data, which characterizes this model, is the root cause of
several problems that inhabit data intergration. Then section present a conceptual
overview of the database model and illustrates how problems associated with the flat-file
model are resolved under this approach . the nations of entity wide data sharing and
centralized control of data lie at the heart of the database philosophy

The chapter concludes with a discussion of the control and audit issues related to data
management . the risks , audit objectives and audit procedures relevant to flat files,
centralized databases and distributed databases are presented

Data management systems

There are two general approaches to data management : the flat-file model and the
database model . the differences between the two approaches are both technical and
philosophical. The defining features of each are presented below

a. the flat-file approach

the flat sile approach is most often associated with so-called legacy systems. These are
large mainframe systems that were implemented in the late 1960s throught the 1980s.
organization’s today still make extensive use of these systems . eventually , they will be
replaced by modern database management systems but in the meantime , auditors must
continued to deal with legacy systems technologies
the flat file model describe an environment in which individual data files are not related
to others file. End users in this environment own their data files rather than share them
with other users. Data processing is thus performed by standalone application rather than
integrated systems.
When multiple users need the same data for different purpose, they must obtain separate
data sets structured to their specific needs. Figure 3-1 illustrates how customers sales data
might be presented to three different user in a durable organized by account number and
structured to show outstanding balances. This is used for customer billing , account
receivable maintenance, and financial statement preparation. Marketing needs customer
sales history data organized by demographic keys for use in targeting new product
promotion and for selling product uct and structured to show scheduled service dates.
Such information is used for marketing after-sales contacts with customers to schedule
preventive maintenance and to solicit sales of service agreements

The Data redundancy demonstrated in this example contributes to three significant

problems in the flat-file environment : data storage , data updating, and currency of
information
1. Flat File Model (figure 3-1)

User Standalone application User own data sets

Customer Data (Current

Accounts Rceivable)
Billing/Accounts
Accounting Receivable Systems

Sales Invoice

Cash Receipts

Customer Data
(Hostoric/Demographic
Product Promotion Orientation
Marketing System

Sales Invoices

Customer Data
(Historic/Demographic
Product Service Service Orientation
Schedulling
System

Product services
schedule
Data storage

An efficient information systems captures and stores data only once and makes this single
source available to all users who need it. In the flat-file environment this is not possible.
To meet the private data needs of users , organizations must incur the cost of both
multiple storage procedures . some commonly used data may be duplicated dozens ,
hundreds, or even thousands of times

Data updating

Organizations store a great deal of data on master file and reference files that require
periodic updating to reflect changes. For example , a change to a customers name or
address must be reflected in the appropriate master files. When user keep separate files.
All changes must be made separately for each user. This adds significantly to the task
burden and the cost of data management

Currency of information

In contrast to the problem of performing multiple updates is the problem of falling to

update all the user files affected by change in status . if update information is not properly
disseminated , the change will not be reflected in some users data , resulting in decisions
based on outdated information

Task-Data Dependency (Limited Access)

Another problem with the flat file approach is the users inability to obtain additional
information as his or her needs change , a problem known as task-data dependency . the
users information set is constrained by the data that he or she possesses and controls.
Users act independently : they do not interact as members of a user community . in this
environment , it is very difficult to establish a mechanism for the formal sharing of data.
Therefore , new information needs tend to be satisfied by procuring new data files, this
takes time, inhibits performance adds to data redundancy, and drives data management
costs even higher . the resulting limited access also inhibits the effective sharing of data
among the entity’s users.

Flat files limited data integration (limited inclusion )

The flat-file approach is a single-view model. File are structured , formattrd, and arranged
to suit the specific needs of the owner or primary user of the data. Such structuring ,
however , many exclude data attributes that are useful to other users , thus preventing
successful integration of data across the organization . for example since the accounting
function is the primary user of accounting data, these data are often captured , formatted
and stored to accommodate financial reporting and GAAP . this structure , however may
be unless to the organization’s other (non accounting) users of accounting data , such as
the marketing , finance, production , and engineering fuctions. There users are presented
with three options :
 1. do not use accounting data support decisions
2. manipulate and massage the existing data structure to suit their unique needs or

3. obtain additional private sets of the data and incur the costs and operational
problems associated with data redundancy

2. The Database approach

An organization can overcome the problems associated with flat files by implementing
the database approach to data management

Access to the data resource is controlled by a database management system (DBMS) .

the DBMS is a special software systems that is programmed to know which data elements
each user is authorized to access . the users program sends requests for data to the
DBMS, which validates and authorizes access to the database in accordance with the
users level of authority. If the user request s data that he or she is not authorized to access
the request is denied. Clearly the organization’s procedures for assigning user authority
are an important control issue for auditors to consider . figure 3-2 provides an overview
of the database environment.

This approach centralizes the organizations data into a common database that is shared by
other users. With the enterprise’s data in a central location, all users have access to the
data they need to achieve their respective objectives. Through data sharing the traditional
problems associated with the flat –file approach may be overcome.

Elimination of Data Storage Problem

Each data element is stored only once , there by eliminating data redundancy and
reducing data collection and storage costs. For example , costumer data exist only once,
but data are shared by accounting , marketing, and product service users

Elimination of Data Update Problem

Because each data element exist in only one place , it requires only a single update
procedure. This reduces the time and cost of keeping the database current

Elimination of Currency Problem

A single change to a database attribute is automatically made available to all users of the
attribute . for example, a costumer address change entered by the billing clerk is
immediately reflect in the marketing and product services view
Elimination of Task-Data Dependency Problem

The most striking difference between the database model and flat file model is the
pooling of data into a common database that is shared by all organizational users. With
access to the full domain of entity data, change in user information needs can be satisfied
whitout obtaining additional private data set. Users sre constrained only by the limitations
of the data available to the entity and the legitimacy of their need to access them.
Therefore the database method eliminates the limited access that flat-file by their nature,
dictate to users.

Elimination of Data Integration Problem

Since the data are in a common and the globally accessible location , the data are able to
be fully integrated into all applications for all users. Generally speaking , no one unit or
group owns the data. If the design is done correctly , the data structures are not designed
in such a way as to limit their usefulness to a broad set of users. Thus the database
method can alleviate the data integration problem common to flat files

Database Model (figure 3-2)

User User View Integration software Shared Database

Costumer sales
Accounting
(Current Account
Receivable )
Costumer Data
Marketing Costumer Sales D Sales Invoice
(Historic/Demogra B Receipts Product
phic Orientation) M Service Schedule
S
Other Entity
Data
Product Services Costumer Sales
(Historic/Product
Orientation)