Databases Reference
In-Depth Information
log by individuals accessing data to determine what data they accessed, or
by key data items to determine who is accessing key data items. This infor-
mation can be used for both security and privacy analyses.
The auditor can simulate a disaster to verify
whether operations personnel can recover the database and substantiate
processing, should a real failure occur.
Perform a Disaster Test.
Using the audit software or
DBMS utilities, the auditor can accumulate the value of detailed data ele-
ments and then verify the accumulated total to that maintain indepen-
dently by the application systems.
Verify Details to External Control Totals.
The auditor should determine
whether the organization has procedures for designing, organizing, reorga-
nizing, recovering, and performing other operational activities related to
the database. The procedures should then be reviewed to determine if they
are adequate and if actual procedures match the documented ones.
Review Database Operational Procedures.
A total of the number of data entities (e.g.,
segments or items)within the database should be accumulated and veri-
fied to the accounts maintained by the DBA. If the DBA function also main-
tains hash total or other accumulated totals, the auditor can verify those
totals by using audit software or database utilities.
Verify Database Control Totals.
The methods for control-
ling downloaded data should be determined, and the use of those controls
at the end users' sites should be verified. The auditor should determine
whether reports and decisions made by end users on the basis of down-
loaded data are consistent with the content of that data.
Verify End-User Control over Downloaded Data.
This test is normally too complex for the
auditor to perform, but the auditor should verify that platform compatibil-
ity tests have be performed. The auditor can review the test plan and test
results to verify compatibility.
Verify Platform Compatibility.
Many audit software languages can not access a database. In such an
environment, the auditor must either use database utilities or have the DBA
function convert the database to a file that can be accessed by the auditor.
AUDITING A CASE TECHNOLOGY REPOSITORY
The major component of a CASE environment is the repository, where all
common data and processing modules are stored. The upper CASE tools
specify the attributes of the repository. The lower CASE tools use the repos-
itory to produce operational code. The repository is similar to the database
in that the major components of the database are also components of the
repository and the risks associated with loss of integrity are similar.
Search WWH ::
Custom Search