
AUDITING IN CIS ENVIRONMENT

GROUP 3 - Members:
Balingit, Ranalyn R.
Cruz, Maureen Anne A.
Jimenez, Michael
Nuñez, Neslie Danes M.
Sampiano, Arlene Ann L.
BSA 5-2

REPORTING FRAMEWORK
Chapter 4 — Security Part II: Auditing Database Systems

I. LEARNING OBJECTIVES
• Understand the operational problems inherent in the flat-file approach to data
management that gave rise to the database approach.
• Understand the relationships among the fundamental components of the
database concept.
• Recognize the defining characteristics of three database models: hierarchical,
network, and relational.
• Understand the operational features and associated risks of deploying
centralized, partitioned, and replicated database models in the DDP environment.
• Be familiar with the audit objectives and procedures used to test data
management controls.

II. DISCUSSION (TOPICS)


Data Management Approaches
  The Flat-File Approach
  The Database Approach
Key Elements of the Database Environment
  Database Management System
  Users
  Database Administrator
  Physical Database
  DBMS Models
Databases in a Distributed Environment
  Centralized Databases
  Distributed Databases
  Concurrency Control
Controlling and Auditing Data Management Systems
  Access Controls

III. EXERCISE/ACTIVITY
WORD ASSOCIATION
1. The class will be divided into 5 groups.
2. Each group has 30 seconds to write words that they can associate with the word
written on the paper.
3. The group with the most associated words will be given
incentives.
4. WORD: DATABASE

IV. SAMPLE COMPANY/CASE (ACTUAL)


In September 2016, Yahoo, the once-dominant Internet giant, announced it had
been the victim of the biggest data breach in history, likely by “a state-sponsored
actor,” in 2014. The attack compromised the real names, email addresses, dates of
birth and telephone numbers of 500 million users. The company said the "vast
majority" of the passwords involved had been hashed using the robust bcrypt
algorithm. The breaches knocked an estimated $350 million off Yahoo’s sale price.
An investigation found that Yahoo execs botched the response to the 2014 breach:
Yahoo's security team knew an intrusion had occurred in 2014, but the company
failed to properly investigate. [1]

[1] https://www.csoonline.com/article2130887/the-biggest-data-breaches-of-the-21st-century.amp.html

V. QUIZ (10 items)
1. To the user, data processing procedures for routine transactions, such as
entering sales orders, appear to be identical in the database environment and
in the traditional environment. T
2. In the database method of data management, access authority is maintained by
systems programming. F
3. A recovery module suspends all data processing while the system reconciles its
journal files against the database. F
4. Data normalization groups data attributes into tables in accordance with specific
design objectives. T
5. When information system needs arise, users send formal requests for computer
applications to the database administrator of the organization. F
6. In a hierarchical model
a. links between related records are implicit
b. the way to access data is by following a predefined data path
c. an owner (parent) record may own just one member (child) record
d. a member (child) record may have more than one owner (parent)
7. Which of the following may provide many distinct views of the database?
a. the schema
b. the internal view
c. the user view
d. the conceptual view
8. Which characteristic is associated with the database approach to data
management?
a. data sharing
b. multiple storage procedures
c. data redundancy
d. excessive storage costs
9. An example of a distributed database is
a. partitioned database
b. centralized database
c. network database
d. all of the above
10. Which of the following is not a test of access controls?
a. biometric controls
b. encryption controls
c. backup controls
d. inference controls

VI. SUMMARY
The focus of this chapter is on Sarbanes-Oxley compliance regarding the
security and control of organization databases. The chapter opens with a description
of flat-file data management, which is used in many older (legacy) systems that are
still in operation today. The chapter then presents a conceptual overview of the
database model and illustrates how problems associated with the flat-file model are
resolved under this approach. The chapter outlines the key functions and defining
features of three common database models: the hierarchical, the network, and the
relational models. Both centralized and distributed database systems are discussed.
The chapter concludes by presenting the risks, audit objectives, and audit
procedures relevant to flat files, centralized databases, and distributed database
systems.

Source: Hall, J. (2011). Information Technology Auditing and Assurance (3rd ed.).
USA: South Western Publishing
