Databases Reference
In-Depth Information
CASE is the repository, a database that stores system components (subrou-
tines or modules) until they are assembled into programs. IBM's Application
Development/Cycle (AD/Cycle) is a CASE methodology that improves the
quality and productivity of new computer systems. Its repository contains
subroutine and design specifications generated during system design; these
are later tied together and implemented to build the system.
Data stored in a repository differs from that stored in a traditional data-
base. Although the database typically contains business transaction data
(e.g., accounts receivable and payroll), a repository contains data that
defines data elements, processing modules, and their relationship. Despite
this fundamental difference, the risks associated with repositories and tradi-
tional databases are similar; therefore, the concepts presented in this chapter
are applicable to both. The chapter explains how to audit a traditional data-
base and describes how the same approach can be used to audit a repository.
CUSTODIAL RESPONSIBILITY
Databases are usually managed by a database administration
(DBA)function. In large organizations, this may be an independent group
staffed by many individuals; in smaller organizations, however, the func-
tion may be performed on a part-time basis by a systems programmer or by
computer operations personnel. In a client/server environment, the server
facility has data management responsibility.
Although the DBA function is responsible for safeguarding the data
delivered to the database, it cannot assume responsibility for the accuracy,
completeness, and authorization of transaction that access the database.
Thus, the responsibility for ensuring the integrity of a database is a custo-
dial responsibility. This responsibility is fivefold:
• To safeguard the data delivered to the database.
• To protect the system from unauthorized access.
• To ensure that the database can be reconstructed in the event of tech-
nological problems.
• To establish an organization structure that provides necessary checks
and balances.
• To provide and users with controls that ensure the integrity of actions
and reports prepared using all or parts of a database.
DATABASE INTEGRITY CONCERNS
Databases involve several audit concerns. They include:
•
More reliance on integrity.
Users often do not enter their own data and
thus rely on others for ensuring integrity. In addition, multiple users
may access the same data element, thereby increasing the magnitude
of problems should data integrity be lost.
Search WWH ::
Custom Search