Databases Reference
In-Depth Information
Exhibit 30-2. Internal control questionnaire.

| Question Number | Question | Response: Yes | Response: No | Response: NA | Comments |
|---|---|---|---|---|---|
| | Traditional Database Control Concerns | | | | |
| 1. | Is the database managed independently of the application programs that use that database? | | | | |
| 2. | Is the operation of the database organizationally separate from the administration of the database? | | | | |
| 3. | Is the definition of the data organizationally separate from the application systems that use that data? | | | | |
| 4. | Is the data policy of the organization established by senior management (i.e., normally done through a data administrator)? | | | | |
| 5. | Is one individual responsible for the accuracy, completeness, and authorization of each data item used in the database? | | | | |
| 6. | Is each programmer's knowledge of the database restricted to his or her view of the data in the database? | | | | |
| 7. | Is each data entity (called segments and elements in various DBMSs) password protected? | | | | |
| 8. | Is the database administration function restricted from accessing data in the database? | | | | |
| 9. | Are technical interface personnel restricted from accessing data in the database? | | | | |
| 10. | Can data be deleted only by application programs (i.e., administrative and technical personnel cannot delete data through procedures such as reorganization)? | | | | |
| 11. | Are counts of each different kind of data entity (e.g., segments, elements) maintained? | | | | |
| 12. | Is the completeness of the pointers verified immediately following each database reorganization? | | | | |
| 13. | Are database reorganization controls sufficient to ensure that the completeness and accuracy of data are maintained during the reorganization process? | | | | |
| 14. | Do users maintain independent control totals over data used in financial and other key applications? | | | | |
| 15. | Is sufficient backup data maintained to recover the database within the specified time interval? | | | | |