
Security Part II Auditing Database Systems

The document discusses two primary data management approaches: the flat-file approach and the database approach, highlighting the limitations of flat-file systems such as data redundancy and updating issues. It emphasizes the benefits of a database management system (DBMS), including centralized data access, reduced redundancy, and improved data integrity. Additionally, it covers key elements of the database environment, user access methods, the role of the database administrator, and the importance of access controls and auditing in data management systems.

Republic of the Philippines

UNIVERSITY OF EASTERN PHILIPPINES


University Town, Northern Samar, Philippines
COLLEGE OF BUSINESS ADMINISTRATION
Accountancy Department

Security Part II: Auditing Database Systems
(Written Report)

Prepared by:
Ermino, Divine Grace A.
Paller, Shery Rose A.
Sapa, Ariston B.
BS Accountancy 3

DATA MANAGEMENT APPROACHES
The Flat-File Approach

• Most often associated with so-called legacy systems – large mainframe systems that were implemented
in the 1970s through the 1980s.
• Promotes a single-user view approach to data management whereby end users own their data files rather
than share them with other users.
• Data redundancy – replication of essentially the same data in multiple files.
• Data redundancy contributes to three significant problems in the flat-file environment:
    o Data Storage: Commonly used data may be duplicated multiple times within an organization.
    o Data Updating: When users keep separate and exclusive files, each change must be made
      separately for each user. These redundant updating tasks add significantly to the cost of data
      management.
    o Currency of Information: In contrast to the problem of performing multiple updates is the
      problem of failing to update all the user files that are affected by a change in status. If updated
      information is not properly disseminated, the change will not be reflected in some users’ data,
      resulting in decisions based on outdated information.
• Task-Data Dependency: Another problem with the flat-file approach (but not associated directly
with data redundancy) is the user’s inability to obtain additional information as his or her needs change.

The Database Approach

• Database management system (DBMS) – special software system that is programmed to know which
data elements each user is authorized to access.
• This approach centralizes the organization’s data into a common database that is shared by the user
community.
• All users have access to the data they need to achieve their respective objectives. Through data sharing,
the traditional problems associated with the flat-file approach may be overcome.
    o Elimination of Data Storage Problem: Each data element is stored only once, thereby
      eliminating data redundancy and reducing data collection and storage costs.
    o Elimination of Data Update Problem: Because each data element exists in only one place, it
      requires only a single update procedure. This reduces the time and cost of keeping the database current.
    o Elimination of Currency Problem: A single change to a database attribute is automatically
      made available to all users of the attribute. For example, a customer address change entered by the
      billing clerk is immediately reflected in the marketing and product services views.
    o Elimination of Task-Data Dependency Problem: The most striking difference between the
      database model and the flat-file model is the pooling of data into a common database that is shared by
      all organizational users. With access to the full domain of entity data, changes in user information needs
      can be satisfied without obtaining additional private data sets. Users are constrained only by the
      limitations of the data available to the entity and the legitimacy of their need to access them. Therefore
      the database method eliminates the limited access that flat files, by their nature, dictate to users.

KEY ELEMENTS OF THE DATABASE ENVIRONMENT

1. Database Management System
2. Users
3. The Database Administrator
4. The Physical Database
5. DBMS Models

DATABASE MANAGEMENT SYSTEM

Typical Features
a. Program development. The DBMS contains application development software. Both
programmers and end users may employ this feature to create applications to access the
database.
b. Backup and recovery. During processing, the DBMS periodically makes backup copies of the
physical database. In the event of a disaster (disk failure, program error, or malicious act) that
renders the database unusable, the DBMS can recover to an earlier version that is known to be
correct. Although some data loss may occur, without the backup and recovery feature the
database would be vulnerable to total destruction.
c. Database usage reporting. This feature captures statistics on what data are being used, when
they are used, and who uses them. This information is used by the DBA to help assign user
authorization and maintain the database.
d. Database access. The most important feature of a DBMS is to permit authorized user access,
both formal and informal, to the database. Data definition language (DDL), the data manipulation
language (DML), and the query language are three software modules that facilitate this task.

Data Definition Language


Data Definition Language - programming language used to define the database to the DBMS. The DDL
identifies the names and the relationship of all data elements, records, and files that constitute the
database. This definition has three levels, called views: the physical internal view, the conceptual view
(schema), and the user view (subschema).

Database Views
Internal View/Physical View. This is the lowest level of representation, which is one step removed from
the physical database. This internal view describes the structures of data records, the linkages between
files, and the physical arrangement and sequence of records in a file. There is only one internal view for
the database.
Conceptual View/Logical View (Schema). Describes the entire database. This view represents the
database logically and abstractly, rather than the way it is physically stored. There is only one conceptual
view for a database.
External View/User View (Subschema). Defines a user’s section of the database—the portion that an
individual user is authorized to access. To a particular user, the user view is the entire database. Unlike
the internal and conceptual views, there may be many distinct user views.

USERS

Users access the database in two ways:


1) Formal Access: Application Interfaces: The presence of the DBMS is transparent to the users. Data
processing procedures (both batch and real time) for transactions such as sales, cash receipts, and
purchases are essentially the same as they would be in the flat-file environment.
Data Manipulation Language - proprietary programming language that a particular
DBMS uses to retrieve, process, and store data. Inserting
2) Informal Access: Query Language:
Query – an ad hoc access methodology for extracting information from a database.
Structured Query Language (SQL) - Allows users to input, retrieve, and modify data
easily and has emerged as the standard query language for both mainframe and
microcomputer DBMSs.

THE DATABASE ADMINISTRATOR

The DBA is responsible for managing the database resource. The sharing of a common database by
multiple users requires organization, coordination, rules, and guidelines to protect the integrity of the
database.

Functions of the DBA
Database Planning:
• Develop organization’s database strategy
• Define database environment
• Define data requirements
• Develop data dictionary

Design:
• Logical database (schema)
• External users’ views (subschemas)
• Internal view of databases
• Database controls

Implementation:
• Determine access policy
• Implement security controls
• Specify test procedures
• Establish programming standards

Operation and Maintenance:
• Evaluate database performance
• Reorganize database as user needs demand
• Review standards and procedures

Change and Growth:
• Plan for change and growth
• Evaluate new technology

The Data Dictionary


Describes every data element in the database. This enables all users (and programmers) to share a
common view of the data resource, thus greatly facilitating the analysis of user needs. The data dictionary
may be in both hard copy and digital form.

THE PHYSICAL DATABASE

This is the lowest level of the database and the only level that exists in physical form. The physical
database consists of magnetic spots on metallic coated disks that create a logical collection of files and
records.
Typical File Processing Operations
1. Retrieve a record from the file based on its primary key value.
2. Insert a record into a file.
3. Update a record in the file.
4. Read a complete file of records.
5. Find the next record in a file.
6. Scan a file for records with common secondary keys.
7. Delete a record from a file.

Data Structures: These are the bricks and mortar of the database. They allow records to be located, stored,
and retrieved, and enable movement from one record to another. A data structure has two fundamental
components: (1) organization and (2) access method.
Data Organization: The way records are physically arranged on the storage device. This may
be either sequential or random. The records in sequential files are stored in contiguous locations that
occupy a specified area of disk space. Records in random files are stored without regard for their physical
relationship to other records of the same file. Random files may have records distributed throughout a
disk.
Data Access Methods: Access methods are computer programs that are part of the operating
system and are used to locate records and to navigate through the database.
The criteria that influence the selection of the data structure include:
1. Rapid file access and data retrieval
2. Efficient use of disk storage space
3. High throughput for transaction processing
4. Protection from data loss
5. Ease of recovery from system failure
6. Accommodation of file growth

DBMS MODELS

A data model is an abstract representation of the data about entities of interest. These include resources
(assets), events (transactions), and agents (personnel or customers, etc.) and their relationships in an
organization. The purpose of a data model is to represent entities and define their attributes in a way
that is understandable to users.

Database Terminology
• Entity and Record Type.
Entity is anything about which the organization wishes to capture data. May be physical, such as
inventories, customers, or employees. They may also be conceptual, such as sales (to a
customer), accounts receivable (AR), or accounts payable (AP).
Record Type is a physical database representation of an entity. Database designers group
together into tables (files) the record types that pertain to specific entities.
• Occurrence. Relates to the number of records represented by a particular record type.
• Attributes. Entities are defined by attributes. Attributes logically define a particular entity; they
are unique to it, and the same attribute type should not be used to define two different entities.

• Database. The set of record types that an organization needs to support its business processes.
• Associations. Record types that constitute a database exist in relation to other record types.

Three common models under DBMS are:

❖ The Hierarchical Model


This was a popular method of data representation because it reflected, more or less accurately,
many aspects of an organization that are hierarchical in relationship. IBM’s information
management system (IMS) is the most prevalent example of a hierarchical database. It was
introduced in 1968 and is still a popular database model over 40 years later.

Navigational Databases. The hierarchical data model is called a navigational database because
traversing the files requires following a predefined path. This is established through explicit
linkages (pointers) between related records. The only way to access data at lower levels in the
tree is from the root and via the pointers down the navigational path to the desired records.

Limitations of the Hierarchical Model


1. A parent record may have one or more child records.
2. No child record can have more than one parent.

❖ The Network Model


The most popular example of the network model is integrated database management system
(IDMS), which Cullinane/Cullinet Software introduced into the commercial market in the 1980s.
Like the hierarchical model, the network model is a navigational database with explicit linkages
between records and files. The distinction is that the network model permits a child record to
have multiple parents.

❖ The Relational Model


The formal model has its foundations in relational algebra and set theory, which provide the
theoretical basis for most of the data manipulation operations used. The most apparent difference
between the relational model and the navigational models is the way in which data associations
are represented to the user. The relational model portrays data in the form of two-dimensional
tables.

DATABASES IN A DISTRIBUTED ENVIRONMENT
A. Centralized Databases
The first approach involves retaining the data in a central location.

Data Currency in a DDP Environment


During data processing, account balances pass through a state of temporary inconsistency where their
values are incorrectly stated. This occurs during the execution of a transaction.

B. Distributed Databases
i. Partitioned Databases – This approach splits the central database into segments or
partitions that are distributed to their primary users. The advantages of this approach follow:
o Having data stored at local sites increases users’ control.
o Transaction processing response time is improved by permitting local access to data
and reducing the volume of data that must be transmitted between IT units.
o Partitioned databases can reduce the potential effects of a disaster. By locating data
at several sites, the loss of a single IT unit does not eliminate all data processing by
the organization.

The Deadlock Phenomenon


• Occurs when there is mutual exclusion to the data resource, and the transactions are
in a “wait” state until the locks are removed. This can result in transactions being
incompletely processed and the database being corrupted.
• A deadlock is a permanent condition that must be resolved by special software that
analyzes each deadlock condition to determine the best solution.
• Resolving usually involves terminating one or more transactions to complete
processing of the other transactions in the deadlock.

ii. Replicated Databases are effective in companies where there exists a high degree of data
sharing but no primary user. Since common data are replicated at each IT unit site, the data
traffic between sites is reduced considerably.

Concurrency Control

Database concurrency is the presence of complete and accurate data at all user sites.

A commonly used method for concurrency control is to serialize transactions. This method involves
labeling each transaction by two criteria.
1) Special software groups transactions into classes to identify potential conflicts.
2) Each transaction is time-stamped.

Database Distribution Methods and the Accountant

The decision to distribute databases is one that should be entered into thoughtfully. There are many
issues and trade-offs to consider. Here are some of the most basic questions to be addressed:

✓ Should the organization’s data be centralized or distributed?
✓ If data distribution is desirable, should the databases be replicated or partitioned?
✓ If replicated, should the databases be totally replicated or partially replicated?
✓ If the database is to be partitioned, how should the data segments be allocated among the sites?

CONTROLLING AND AUDITING DATA MANAGEMENT SYSTEMS

Access Controls

✓ Designed to prevent unauthorized individuals from viewing, retrieving, corrupting, or destroying the
entity’s data.
✓ Access control risks include corruption, theft, misuse, and destruction of data. These threats originate
from both unauthorized intruders and authorized users who exceed their access privileges.
User Views: Subset of the total database that defines the user’s data domain and provides access to the
database.
Database Authorization Table: Contains rules that limit the actions a user can take.
User-Defined Procedures: Allows the user to create a personal security program or routine to provide
more positive user identification than a single password.
Data Encryption: Database systems also use encryption procedures to protect highly sensitive stored
data, such as product formulas, personnel pay rates, password files, and certain financial data, thus
making them unreadable to an intruder “browsing” the database.
Biometric Devices: The ultimate in user authentication procedures is the use of biometric devices, which
measure various personal characteristics, such as fingerprints, voice prints, retina prints, or signature
characteristics.
Inference Controls: To prevent users from inferring, through query features, specific data values that
they are unauthorized to access. Inference controls attempt to prevent three types of compromises to
the database:

1. Positive compromise—the user determines the specific value of a data item.
2. Negative compromise—the user determines that a data item does not have a specific value.
3. Approximate compromise—the user is unable to determine the exact value of an item but is
able to estimate it with sufficient accuracy to violate the confidentiality of the data.
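
The positive compromise described above, and a query-set-size inference control that blocks it, shown as an added example that is not part of the original report. The payroll rows, the column names and the threshold k = 3 are constructed assumptions.

```python
import sqlite3

MIN_QUERY_SET = 3  # assumed policy threshold k, not a value from the report
ALLOWED_COLUMNS = {"dept", "title"}  # attributes the statistical view may filter on

# Constructed sample payroll rows: (employee, department, title, pay rate)
ROWS = [
    ("E01", "Audit", "Staff", 52000), ("E02", "Audit", "Staff", 48000),
    ("E03", "Audit", "Manager", 61000), ("E04", "Audit", "Staff", 47000),
    ("E05", "Tax", "Staff", 55000), ("E06", "Tax", "Staff", 58000),
    ("E07", "Tax", "Manager", 90000),
]

class InferenceBlocked(Exception):
    """Raised when answering a query would expose an individual's value."""

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE payroll (emp TEXT, dept TEXT, title TEXT, pay INTEGER)")
    conn.executemany("INSERT INTO payroll VALUES (?, ?, ?, ?)", ROWS)
    return conn

def build_where(criteria):
    """Turn {column: value} into a parameterized WHERE clause over allowed columns."""
    for col in criteria:
        if col not in ALLOWED_COLUMNS:
            raise ValueError(f"column not available in this user view: {col}")
    clause = " AND ".join(f"{col} = ?" for col in criteria) or "1 = 1"
    return clause, list(criteria.values())

def unguarded_avg(conn, criteria):
    """Aggregate with no inference control: a one-row query set leaks that row."""
    clause, params = build_where(criteria)
    sql = f"SELECT AVG(pay) FROM payroll WHERE {clause}"
    return conn.execute(sql, params).fetchone()[0]

def guarded_avg(conn, criteria, k=MIN_QUERY_SET):
    """Answer only when the query set holds between k and N - k rows."""
    clause, params = build_where(criteria)
    total = conn.execute("SELECT COUNT(*) FROM payroll").fetchone()[0]
    matched = conn.execute(
        f"SELECT COUNT(*) FROM payroll WHERE {clause}", params).fetchone()[0]
    # Fewer than k rows exposes individuals directly; more than N - k rows
    # exposes the few excluded rows once compared with the overall figure.
    if matched < k or matched > total - k:
        raise InferenceBlocked(
            f"query set of {matched} rows is outside [{k}, {total - k}]")
    sql = f"SELECT AVG(pay) FROM payroll WHERE {clause}"
    return conn.execute(sql, params).fetchone()[0]

if __name__ == "__main__":
    db = make_db()
    one_person = {"dept": "Audit", "title": "Manager"}
    print("unguarded:", unguarded_avg(db, one_person))
    try:
        guarded_avg(db, one_person)
    except InferenceBlocked as exc:
        print("guarded:", exc)
    print("guarded dept average:", guarded_avg(db, {"dept": "Audit"}))
```

A set-size limit is a baseline control: overlapping queries can still narrow a value, so it is normally paired with query logging and review.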

Audit Objective Relating to Database Access

✓ Verify that database access authority and privileges are granted to users in accordance with their
legitimate needs.

Audit Procedures for Testing Database Access Controls

1. The auditor should verify that DBA personnel retain exclusive responsibility for creating authority tables
and designing user views.
2. The auditor can select a sample of users and verify that their access privileges stored in the authority
table are consistent with their job descriptions and organizational levels.
3. The auditor should evaluate the costs and benefits of biometric controls. Generally, these would be most
appropriate where highly sensitive data are accessed by a very limited number of users.
4. The auditor should verify that database query controls exist to prevent unauthorized access via inference.
The auditor can test controls by simulating access by a sample of users and attempting to retrieve
unauthorized data via inference queries.
5. The auditor should verify that sensitive data, such as passwords, are properly encrypted. Printing the file
contents to hard copy can do this.
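
Audit procedures 1 and 2 above, expressed as queries over an authority table, as an added example that is not part of the original report. The table layout, user names, job roles and role baseline are constructed assumptions, and the check covers every user rather than a sample.

```python
import sqlite3

# Constructed sample data. Table, column, user and role names are assumptions
# made for this example, not a real DBMS catalog.
SETUP = """
CREATE TABLE authority     (username TEXT, resource TEXT, privilege TEXT);
CREATE TABLE staff         (username TEXT, job_role TEXT);
CREATE TABLE role_baseline (job_role TEXT, resource TEXT, privilege TEXT);
INSERT INTO authority VALUES
  ('mreyes','AR_FILE','READ'), ('mreyes','AR_FILE','INSERT'),
  ('mreyes','AUTHORITY_TABLE','MODIFY'),
  ('jcruz','AR_FILE','READ'),  ('jcruz','PAYROLL','MODIFY'),
  ('dba1','AUTHORITY_TABLE','MODIFY'),
  ('tlim','PAYROLL','READ');
INSERT INTO staff VALUES
  ('mreyes','billing_clerk'), ('jcruz','ar_clerk'), ('dba1','dba');
INSERT INTO role_baseline VALUES
  ('billing_clerk','AR_FILE','READ'), ('billing_clerk','AR_FILE','INSERT'),
  ('ar_clerk','AR_FILE','READ'), ('dba','AUTHORITY_TABLE','MODIFY');
"""

def load_sample():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SETUP)
    return conn

def audit_authority_table(conn):
    """Return findings for the auditor; every list is sorted for stable output."""
    # Grants held by known staff that their job role's baseline does not include.
    excess = conn.execute("""
        SELECT a.username, a.resource, a.privilege
        FROM authority a
        JOIN staff s ON s.username = a.username
        LEFT JOIN role_baseline b
          ON b.job_role = s.job_role
         AND b.resource = a.resource
         AND b.privilege = a.privilege
        WHERE b.job_role IS NULL
        ORDER BY a.username, a.resource, a.privilege
    """).fetchall()
    # Accounts with grants but no staff record, so no job description to test against.
    no_job_record = [r[0] for r in conn.execute("""
        SELECT DISTINCT a.username
        FROM authority a LEFT JOIN staff s ON s.username = a.username
        WHERE s.username IS NULL
        ORDER BY a.username
    """)]
    # Anyone other than DBA personnel who can change the authority table itself.
    non_dba_admins = [r[0] for r in conn.execute("""
        SELECT DISTINCT a.username
        FROM authority a LEFT JOIN staff s ON s.username = a.username
        WHERE a.resource = 'AUTHORITY_TABLE'
          AND COALESCE(s.job_role, '') <> 'dba'
        ORDER BY a.username
    """)]
    return {"excess": excess,
            "no_job_record": no_job_record,
            "non_dba_admins": non_dba_admins}

if __name__ == "__main__":
    for finding, rows in audit_authority_table(load_sample()).items():
        print(finding, rows)
```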

Backup Controls

✓ Ensure that in the event of data loss due to unauthorized access, equipment failure, or physical
disaster the organization can recover its database.

Backup Controls in the Flat-File Environment

GFS (grandfather–father–son) Backup Technique. Used in sequential file (both tape and disk) batch systems.

Direct Access File Backup. Data values in direct access files are changed in place through a process called
destructive replacement. Therefore, once a data value is changed, the original value is destroyed, leaving only
one version (the current version) of the file. To provide backup, direct access files must be copied before being
updated.

Off-Site Storage. As an added safeguard, backup files created under both the GFS and direct access
approaches should be stored off-site in a secure location.

Audit Objective Relating to Flat-File Backup

• Verify that backup controls in place are effective in protecting data files from physical damage, loss,
accidental erasure, and data corruption through system failures and program errors.

Audit Procedures for Testing Flat-File Backup Controls

• The auditor should select a sample of systems and determine from the system documentation that the
number of GFS backup files specified for each system is adequate.
• The auditor should verify through physical observation that transaction files used to reconstruct the
master files are also retained.
• The auditor should select a sample of applications and identify the direct access files being updated in
each system.
• The auditor should verify the existence and adequacy of off-site storage.

Backup Controls in the Database Environment

• Backup. This is an automatic procedure that should be performed at least once a day. The backup copy
should then be stored in a secure remote area.
• Transaction Log (Journal). Provides an audit trail of all processed transactions. It lists transactions in a
transaction log file and records the resulting changes to the database in a separate database change log.
• Checkpoint Feature. Suspends all data processing while the system reconciles the transaction log and
the database change log against the database.
• Recovery Module. The recovery module uses the logs and backup files to restart the system after a
failure.
Audit Objective Relating to Database Backup

• Verify that controls over the data resource are sufficient to preserve the integrity and physical security of
the database.
Audit Procedures for Testing Database Backup Controls

• The auditor should verify that backup is performed routinely and frequently to facilitate the recovery of
lost, destroyed, or corrupted data without excessive reprocessing.
• The auditor should verify that automatic backup procedures are in place and functioning, and that copies
of the database are stored off-site for further security.
