Surcel PDF
Surcel PDF
1-4/2005 15
The data warehouse is the core of decision support systems. The audit of data warehouse sys-
tems aims to certify the conformity, credibility and superior performance of the system. This pa-
per presents some aspects of data warehouse audit, investigating the following areas: methodo-
logical and architectural problems, data quality, system maintenance, documentation and user
training. The ultimate purpose is to ensure the continuity, efficiency and consolidation of busi-
nesses based on this kind of decision support systems.
Keywords: audit, data warehouse, methodology, change management, architecture, data quality,
maintenance.
passing the acceptance test, in the real system. with the best practices, the architecture must
For an efficient coordination of the changes, ensure scalability, integrity and flexibility for
the auditor might recommend and verify a bet- the system. The auditor must analyze two
ter communication and notification through other elements:
support procedures in order to document the refreshment strategy
changes. Small changes may be implemented operational data fund (ODS), created paral-
straight into the real system, but only with a lel to the data warehouse.
close monitoring after implementation. It is a Flexibility means using configurable parame-
fast solution, with a small risk, and it is better ters for the system architecture and the possi-
than the standard procedure mentioned above. bility to add new objects to the warehouse. An
element that leads to increased flexibility is the
START
START use of descriptions instead of codes, which
Preplaning
Preplaning leads to increased performance in creation of
Gathering context information cubes and reports. Using the “always include”
Gathering context information
options in cube creation after upgrading the
Gathering information on client juridical obligations
Gathering information on client juridical obligations data series and daily “clean house” also lead to
Performing preliminary analytical procedures increased flexibility.
Performing preliminary analytical procedures
5. Refreshment strategy
Setting up significance threshold and estimation of
Setting up significance threshold and estimation of
Refreshment strategy is based on refreshment
acceptable audit risk and inherent risk
acceptable audit risk and inherent risk rate. A way to implement the refreshment rate
Understanding internal control and estimating control risk considers the creation date of the record and
Understanding internal control and estimating control risk
the increase of refreshment period with a cer-
Drawing general audit plan and audit program
Drawing general audit plan and audit program tain increment rate. The disadvantage of this
method is that it leads to restoring more re-
Is there
cords than actually modified.
Is there
a plan to decrease
NU Another, more efficient, implementation uses a
a plan to decrease
the control risk?
the control risk? refreshment rate based on the time of the last
modification of a record. To restore older
transactions, a higher incrementation rate of
DA the recording time marking is recommended.
Perform tests on control mechanisms
Perform tests on control mechanisms Indexing increases the performance of loading,
Perform thorough operations tests
Perform thorough operations tests extracting and reporting data, more so on large
Estimate the probability of errors in data quality
data volumes. Refreshment strategy must be
Estimate the probability of errors in data quality
assessed from the point of view of maintaining
Verify the data quality
Verify the data quality and restoring indexes. “Update & insert” tech-
Verify events nique uses existing indexes and is faster, while
Verify events
“delete & append” rebuilds the indexes by
Gather final samples
Gather final samples “drop and rebuild after refresh” technique,
Assess results
Assess results
which consumes more time but yields better
performance when creating cubes.
Write the audit report
Write the audit report ODS is an operational data fund created and
Communication with audit committee and management
Communication with audit committee and management maintained in parallel with the data ware-
house, with the goal of a better response time
STOP
STOP and logging the activity of the data warehouse.
Fig. 1. Sinteza procesului de audit Data loaded into ODS must be verified before
(adaptare după Arens A. şi Loebbecke J.) their confirmation in the data warehouse.
Data warehouse audit must asses the feasibility
4. System architecture of developing an ODS on the same storage en-
Data warehouse architecture is another point vironment as the warehouse it is associated
of interest for the audit. In order to comply with.
Economy Informatics, nr. 1-4/2005 17
Specifications for informational demands, de- User satisfaction is analyzed from the point of
sign specifications and term glossaries must be view of achieving goals established at design
complete, dated and constantly updated. time, as well as system functioning. User satis-
Documentation must clearly highlight data ar- faction is reflected by the frequency, nature
chitecture, process architecture and system and structure of additional requirements to the
technical architecture. initial system. All these aspects are found in
We must highlight again the importance of the level of benefits, recording and acknowl-
specifications for coordinating refreshment edging of catching new business opportunities,
processes, complete and correct explanations ensuring continuity and consolidating the
of back step engineering used to capture the business that exploits the data warehouse sys-
last modification, the last updating. tem.
Definitions, economic rules and terms that be-
long to the business community must be in- References
cluded in a glossary that specialists name Arens A., Loebbecke J., Audit. O abordare
“Gognos Glossary and End User Guide”. integrată, Editura ARC, Chişinău 2003
Documentation assessment also evaluates the Champlain Jack, - Auditing Information
existence of information concerning creation Systems, John Wiley & Sons, New Jersey,
and maintaining standards and recommenda- 2003
tions for the best practices implemented in the Ivan I., Noşca G., Capisizu S. - Auditul sis-
audited system. temelor informatice, Editura ASE, Bucur-
Training must differentiate competence and eşti, 2005
responsibility levels of the users. There are International Federation of Accountants, -
three categories: regular users, professional Audit financiar 2000, Standarde de audit,
users, help desk users involved in perfecting Editura Economică, Bucureşti, 2002
the system – extending and diversifying appli- Jacques Renard – Théorie et practique de
cative functionality. l’audit interne, Editions d’Organisation,
Auditing also targets continuous training for Paris, France 2002
the new procedures, which means internal
seminaries, discussions forums to establish the
feed-back needed to stimulate new opinions
about current functioning and future evolution
of the system. This is an additional element
that increases user satisfaction.