GROUP 3 - Members:
Balingit, Ranalyn R.
Cruz, Maureen Anne A.
Jimenez, Michael
Nuñez, Neslie Danes M.
Sampiano, Arlene Ann L.
BSA 5-2
REPORTING FRAMEWORK
Chapter 4 — Security Part II: Auditing Database Systems
I. LEARNING OBJECTIVES
Understand the operational problems inherent in the flat-file approach to data
management that gave rise to the database approach.
Understand the relationships among the fundamental components of the
database concept.
Recognize the defining characteristics of three database models: hierarchical,
network, and relational.
Understand the operational features and associated risks of deploying
centralized, partitioned, and replicated database models in the DDP environment.
Be familiar with the audit objectives and procedures used to test data
management controls.
III. EXERCISE/ACTIVITY
WORD ASSOCIATION
1. The class will be divided into 5 groups.
2. Each group has 30 seconds to write words that they can associate with the word
written on the paper.
3. The group with the most associated words will be given incentives.
4. WORD: DATABASE
1 https://www.csoonline.com/article2130887/the-biggest-data-breaches-of-the-21st-century.amp.html
V. QUIZ (10 items)
1. To the user, data processing procedures for routine transactions, such as
entering sales orders, appear to be identical in the database environment and
in the traditional environment. T
2. In the database method of data management, access authority is maintained by
systems programming. F
3. A recovery module suspends all data processing while the system reconciles its
journal files against the database. F
4. Data normalization groups data attributes into tables in accordance with specific
design objectives. T
5. When information system needs arise, users send formal requests for computer
applications to the database administrator of the organization. F
6. In a hierarchical model
a. links between related records are implicit
b. the way to access data is by following a predefined data path
c. an owner (parent) record may own just one member (child) record
d. a member (child) record may have more than one owner (parent)
7. Which of the following may provide many distinct views of the database?
a. the schema
b. the internal view
c. the user view
d. the conceptual view
8. Which characteristic is associated with the database approach to data
management?
a. data sharing
b. multiple storage procedures
c. data redundancy
d. excessive storage costs
9. An example of a distributed database is
a. partitioned database
b. centralized database
c. network database
d. all of the above
10. Which of the following is not a test of access controls?
a. biometric controls
b. encryption controls
c. backup controls
d. inference controls
VI. SUMMARY
The focus of this chapter is on Sarbanes-Oxley compliance regarding the
security and control of organization databases. The chapter opens with a description
of flat-file data management, which is used in many older (legacy) systems that are
still in operation today. The chapter then presents a conceptual overview of the
database model and illustrates how problems associated with the flat-file model are
resolved under this approach. The chapter outlines the key functions and defining
features of three common database models: the hierarchical, the network, and the
relational models. Both centralized and distributed database systems are discussed.
The chapter concludes by presenting the risks, audit objectives, and audit
procedures relevant to flat files, centralized databases, and distributed database
systems.
Source: Hall, J. (2011). Information Technology Auditing and Assurance (3rd ed.).
USA: South Western Publishing