Databases Reference
In-Depth Information
•
Segregation of new responsibilities.
Managing data independently of the ap-
plication system requires a new organizational structure. In this reorgani-
zation, responsibilities should be adequately segregated to ensure the
appropriate checks and balances in the database environment.
•
Increased privacy risk.
The concentration of personal data in a single
place increases concern over privacy. This concern involved the ac-
cessibility of online database information and the fact that a greater
concentration of data about an individual permits more analysis at a
given time.
•
Increased security risk.
The greater concentration and accessibility of
data in a database increases the need for security over that data. Al-
though it is possible to intermix data of different security classifica-
tions, this should not be done in a way that gives users access to more
data than they need.
•
Improper use of data by microcomputer users.
Improper processing of
interpretation by microcomputer users of downloaded data from cor-
porate databases can result in inconsistent reports, improper manage-
ment actions, and misuse or loss of funds due to misinterpretation of
data. For example, erroneously assuming that monthly data is weekly
data and ordering inventory accordingly can result in the misuse or
loss of funds.
•
Portability risk between multiple processing platforms.
In client/server
environments and some CASE technology environments, various pro-
cessing platforms are used (i.e., hardware and software from different
vendors or different hardware and software from the same vendor).
Data moving from one platform to another can be inadvertently al-
tered unless adequate controls are in place. Field lengths may be
changed, or data elements lost in movement.
THE DATABASE CONTROL ENVIRONMENT
Before conducting an internal control review, the auditor must under-
stand the control environment in which the database operates. Such an
understanding is also helpful in conducting tests of the control environ-
ment. The database control environment is illustrated in Exhibit 1.
The center of the control environment is the DBMS. As the name implies,
it manages the environment, as opposed to reading and writing data to the
database. In this management process, the DBMS interfaces with the oper-
ating system to perform the actual read and write instructions to the disk
file. The users' interface to the DBMS is through their application program,
or both. (Most DBMSs come with a query or interrogation language utility.)
There are three categories of database users. The first category includes
users who need data for day-to-day operation. Second are the systems ana-
lysts and programmers who build and modify computer applications.
Search WWH ::
Custom Search