Data Management Systems: IT Auditing & Assurance, 2e, Hall & Singleton

This chapter discusses data management systems and databases. It describes the disadvantages of flat file data storage and how databases address these issues. The key components of a database system are described, including the database management system (DBMS), database administrator (DBA), users, and the physical database. The relational database model is also explained. The chapter outlines audit procedures to evaluate access controls, backup controls, and controls over the physical security and integrity of the database.

Uploaded by: sax_worship
Copyright: © Attribution Non-Commercial (BY-NC)

Chapter 3:

Data Management Systems

IT Auditing & Assurance, 2e, Hall & Singleton


DATA-FLAT FILES
• e.g., Figure 3.1 [p.94]
• Disadvantages
  • Data storage
  • Data updating
  • Currency of information
  • Task-data dependency (limited access)
  • Data integration (limited inclusion)
    • Do not use accounting data to support decisions
    • Manipulate existing data to suit unique needs
    • Obtain additional private sets of data, incurring costs and operational problems


DATA-DATABASE
• e.g., Figure 3.2 [p.96]
• How the database approach eliminates the five disadvantages of flat files
  • Data storage
  • Data updates
  • Currency of information
  • Task-data dependency (limited access)
  • Data integration (limited inclusion)


CENTRALIZED DATABASE SYSTEM
• Figure 3.3 [p.98]
Database Environment
• DBMS
• Users
• Database administrator
• Physical database


DBMS
• Typical features
  • Program development
  • Backup and recovery
  • Database usage reporting
  • Database access


DBMS
• Data definition language (DDL)
• Views
  • Figure 3.4 [p.99]
  • Internal / physical view
  • Conceptual / logical view
  • External / user view


USERS
• Formal access: application interfaces
  • Data manipulation language (DML)
  • DBMS operations: 7 steps [Figure 3.4]
• Informal access: query
  • Define query
  • SQL
    • The de facto industry standard query language
    • Select, from, where commands
    • Review Figure 3.5 [p.101] – SQL process
  • QBE


DBA
• DBA
  • Manages the database resources
• Table 3.1 [p.102]
  • Database planning
  • Database design
  • Database implementation
  • Database operations & maintenance
  • Change & growth
• Data dictionary
• Interactions [Figure 3-6, p.103]


PHYSICAL DATABASE
• Data structures
  • Data organization
    • Sequential
    • Random
  • Data access methods
• Data hierarchy
  • Attribute/field
  • Record
  • Associations
  • File
  • Database
  • Enterprise database


DATABASE MODELS
• Hierarchical
• Network
• Relational


RELATIONAL MODEL: 2-dimensional


RELATIONAL MODEL - TERMS
• TABLE = file
• COLUMN = field
• ROW = record


RULE #1
• Entries in the table cells MUST be single-valued
  • Cannot be null
  • Cannot be multi-valued
• Example


RULE #2
• “Consistency” applies to columnar values – same class


RULE #3
• Column names are distinct
  • Example: “cost” for sales price and unit cost columns


RULE #4
• Each row contains distinctively different data from all other rows
• Requires use of “key field(s)”


RELATIONAL MODEL
• Figure 3-13, p. 112


DATABASE IN DDP
• Data concurrency problem
• Deadlock (illustrated in Figure 3-17, p. 118)

Time 1: User 1 loads File A, User 2 loads File C, User 3 loads File E
Time 2: User 1 locks File A, User 2 locks File C, User 3 locks File E
Time 3: User 1 tries to load File C … “wait”
        User 2 tries to load File E … “wait”
        User 3 tries to load File A … “wait”

DEADLOCK!!

• Deadlock Resolution
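
The three-user timeline above forms a wait cycle. The following added example (not from the slides or the textbook) models it in Python as a wait-for graph, detects the cycle, and breaks it by rolling back one user. The function names and the choice of victim (the last user in the cycle) are assumptions made for illustration.

```python
# Constructed from the slide's timeline: who holds which lock, who waits for what.
HELD = {"File A": "User 1", "File C": "User 2", "File E": "User 3"}
WANTS = {"User 1": "File C", "User 2": "File E", "User 3": "File A"}


def wait_for_graph(held, wants):
    """Map each blocked user to the user holding the file it is waiting on."""
    return {u: held[f] for u, f in wants.items() if held.get(f) not in (None, u)}


def find_deadlock(graph):
    """Return the users forming a wait cycle, in order, or [] if none exists."""
    for start in sorted(graph):
        path, node = [], start
        while node in graph and node not in path:
            path.append(node)
            node = graph[node]
        if node in path:                      # walked back onto the path: a cycle
            return path[path.index(node):]
    return []


def abort(user, held, wants):
    """Roll one user back: drop its locks and its pending request."""
    new_held = {f: u for f, u in held.items() if u != user}
    new_wants = {u: f for u, f in wants.items() if u != user}
    return new_held, new_wants


def resolve(held, wants):
    """Abort cycle members one at a time until no wait cycle remains."""
    victims = []
    while cycle := find_deadlock(wait_for_graph(held, wants)):
        victim = cycle[-1]                    # assumption: last user in the cycle
        victims.append(victim)
        held, wants = abort(victim, held, wants)
    return victims, held, wants


if __name__ == "__main__":
    print("cycle:", find_deadlock(wait_for_graph(HELD, WANTS)))
    print("resolution:", resolve(HELD, WANTS))
```

Once User 3 is rolled back, File E is free, so User 2 can finish and release File C, which in turn unblocks User 1.
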

DATABASE IN DDP
• Distributed database
  • Partitioned
  • Replicated
• Concurrency control
  • Classified
  • Time-stamps


CONTROLLING & AUDITING DBMS
• Access controls
  • User views / subschema [see Figure 3-20, p.121]
  • Database authorization table [Table 3-3, p.122]
  • User-defined procedures
    • Mother’s maiden name
  • Data encryption
  • Biometric devices
  • Inference controls (query)
    • example (p. 123)


CONTROLLING & AUDITING DBMS: Audit Procedures
OBJECTIVE: Verify that database access authority and privileges are granted to users in accordance with legitimate needs.

• Tables and subschemas
  • Review policy and job descriptions
  • Examine programmer authority tables for access to DDL
  • Interview programmers and DBA
• Appropriate access authority
• Biometric controls
• Inference controls
• Encryption controls


CONTROLLING & AUDITING DBMS: Audit Procedures
OBJECTIVE: Verify that backup controls in place are effective in protecting data files from physical damage, loss, accidental erasure, and data corruption through system failures and program errors.

• Backups
• Logs
• Checkpoint
• Recovery module


CONTROLLING & AUDITING DBMS: Audit Procedures
OBJECTIVE: Verify that controls over the data resource are sufficient to preserve the integrity and physical security of the database.

