Database management systems DBMS DBMS are normally designed for use in real

Database management systems dbms dbms are normally

This preview shows page 97 - 100 out of 118 pages.

Database management systems (DBMS) DBMS are normally designed for use in real-time environments. They enable elements of data to be accessed by different programs. This avoids the duplication of data which inevitably occurs in a traditional system. 97
Image of page 97
As data is normally only stored once, and may be accessible to all users that require it, the principal control problems raised concern the authorization of data amendments and restriction of access to data. Any data amendments must take into account the requirements of all the users. An administration function should be set up to run and control the day to day operation of the database, thereby enhancing segregation of duties (this function will be independent of the systems development personnel and programmers and data processing managers). The following controls, some of which are common to all real-time systems, might be incorporated into DBMS. Controls to prevent or detect unauthorized changes to programs These include: no access to live program files by any personnel except for the operations personnel at the central computer; password protection of programs; restricted access to the central computer and terminal; maintenance of a console log and scrutiny by the data processing manager and by an independent party such as the internal auditors. Periodic comparison of live production programs to control copies. Controls to prevent or detect errors during operation These include: restriction of access to terminals by use of passwords and restrictions on programs; satisfactory application controls over input, processing and master files and their contents, including retrospective batching. Use of operations manuals and training of all users; Maintenance of logs showing unauthorized attempts to access and regular scrutiny by the data processing manager and internal auditors; Physical protection of data files; Training in emergency procedures Controls to ensure integrity of the database system These include: 98
Image of page 98
restriction of access to the data dictionary ( this contains standard descriptions, including definitions, characteristic and inter-relationship of data); segregation of duties between the data processing manager, the database administration function and systems development personnel; liaison between the database administration function and systems development personnel to ensure integrity of systems specifications; preparation and update as necessary of user manuals. The audit of DBMS creates particular problems as the two principal CAATs, test data and audit software, tend to work unsatisfactorily in these systems. The auditors may, however, be able to use embedded audit facilities. The auditors should if possible be involved at the evaluation, design and development stages so that they are able to determine their audit requirements and identity control problems.
Image of page 99
Image of page 100

You've reached the end of your free preview.

Want to read all 118 pages?

  • Summer '18
  • jere
  • The Land, Financial audit

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture