Database management systems (DBMS)

DBMS are normally designed for use in real-time environments. They enable elements of data to be accessed by different programs. This avoids the duplication of data which inevitably occurs in a traditional system.
As data is normally only stored once, and may be accessible to all users that require it, the principal control problems raised concern the authorization of data amendments and restriction of access to data. Any data amendments must take into account the requirements of all the users.

An administration function should be set up to run and control the day to day operation of the database, thereby enhancing segregation of duties (this function will be independent of the systems development personnel and programmers and data processing managers).

The following controls, some of which are common to all real-time systems, might be incorporated into DBMS.

Controls to prevent or detect unauthorized changes to programs

These include:
- no access to live program files by any personnel except for the operations personnel at the central computer;
- password protection of programs;
- restricted access to the central computer and terminal;
- maintenance of a console log and scrutiny by the data processing manager and by an independent party such as the internal auditors;
- periodic comparison of live production programs to control copies.

Controls to prevent or detect errors during operation

These include:
- restriction of access to terminals by use of passwords and restrictions on programs;
- satisfactory application controls over input, processing and master files and their contents, including retrospective batching;
- use of operations manuals and training of all users;
- maintenance of logs showing unauthorized attempts to access and regular scrutiny by the data processing manager and internal auditors;
- physical protection of data files;
- training in emergency procedures.

Controls to ensure integrity of the database system

These include:
- restriction of access to the data dictionary (this contains standard descriptions, including definitions, characteristics and inter-relationship of data);
- segregation of duties between the data processing manager, the database administration function and systems development personnel;
- liaison between the database administration function and systems development personnel to ensure integrity of systems specifications;
- preparation and update as necessary of user manuals.

The audit of DBMS creates particular problems as the two principal CAATs, test data and audit software, tend to work unsatisfactorily in these systems. The auditors may, however, be able to use embedded audit facilities. The auditors should if possible be involved at the evaluation, design and development stages so that they are able to determine their audit requirements and identify control problems.