Thao tác dữ liệu

CHỌN LỰA Sự thu thập thông tin

CẬP NHẬT Thay đổi
CHÈN Tạo bộ dữ liệu mới
XÓA Xóa bộ dữ liệu
TỪ ĐÂU Những bảng chỉ định
NƠI NÀO Những điều kiện
VÀ Sự liên kết của những điều kiện
HOẶC Sự rời rạc của những điều kiện

Ví dụ:

Kết quả luôn là 1 cái bảng.

Cấu trúc đảo ngược tệp:

RECORD MA COL MO
KE OR DEL
1 BM Red 528
W I
2 For Blu Lase
d e r
3 For Red Lase
d r
4 BM Blu 328
W e i

Can be indexed by Make, Color, Model

MAKE RECORDS
BMW 1,4
Ford 2,3

COLOR RECORDS
Red 1,3
Blue 2,4

MODEL RECORDS
328I 4
 528I 1
Laser 2,3

Terminology

* Indexes and pointers

Big Data
Big Data was first classified in 2001 and has become a popular term to describe the exponential
growth of data in both structured and unstructured formats. The data was defined as having three
main attributes:
• Volume, which is derived primarily in structured form from transaction-based information; with
decreasing storage costs, the amount of stored, structured data is now enormous, creating
problems in drawing meaningful and relevant analytics. In unstructured form, data may come in
from social media in even larger volumes.
• Velocity of data throughput creates its own problems because of the need for analysis to be
conducted in a timely manner.
• Variety of data formats range from structured data in traditional database formats as used in
corporate application systems through unstructured formats, such as email, video, audio, and e-
commerce transactions.
The sheer complexity of data formats gives the analyst problems in linking and matching
information across systems in order to correlate relationships and perform the necessary connections
and data linkages to convert drawn data into useful information. By using the ability to extract data
from any source, extract the relevant data, and analyze it appropriately, organizations currently seek
to ensure time and cost reductions and to enable more effective business decision making.
Big Data analytics are typically used by auditors to, for example,
• Quickly identify high-risk operational areas
• Use clickstream analysis to collect and analyze information on web pages visited, in which
order, in order to improve e-commerce analysis or detect fraudulent behavior
• Recalculate entire risk portfolios at high speed
In normal operations, organizations are using Big Data analysis to
do the following:
• Optimize work performance areas and logistics
• Broadcast tailored corporate information to mobile devices
• Determine root causes of business defects or failures in nearreal time
Once again, when businesses are using data analytics for business deci-
sion making, it is critical that the auditors ensure that the data is complete, accurate, and can be relied
upon and that the analytic process is carried out with equal integrity. This is covered in more detail in
Chapter 11.
The Download Process
Running the auditor’s analysis software on the auditee’s IT system is frequently impractical due to
differences in technical platforms, and it may not be required when the auditor could use existing
tools on the auditee’s system. The downside of this approach is that the auditor must be familiar with
the tools available in the specific client’s IT environment, and the use of such tools for audit
purposes could cause potential disruption of the auditee’s live system with implications for both data
integrity and operational performance.
As a result, the more common approach is the extraction of the infor-
mation data files in which the auditor has an interest and downloading of such to an independent
machine under the direct control of the auditor.
As with any other form of audit, the initial stage of any data analysis
is a planning exercise in which the auditor will have decided the intention of the audit, the evidence
that is being sought, and the nature of the analysis that would be carried out. This information may
be derived from the current system documentation where a high-level understanding of the IT
processes may be obtained, including a precise understanding of the individual data elements
available so that those appropriate for data analysis may be selected. Once the evidence required has
been identified, it must be located. This will typically involve research on the documentation of the
file structures containing the evidence to be interrogated. Such documentation may be clerical or
may be contained within the schemas and subschemas of a database. In the case of non-database
files, the auditor will seek a full listing of all potential data files together with their contents and
purposes so that for each selected file record layouts may be examined to identify data fields of
interest, the type and format as well as the field lengths.
When a database is involved, perhaps the most useful source of infor-
mation regarding the structures and access paths to the required data may be contained in the
metadata held in the data dictionary of the relevant DBMS. From this, the auditor may derive a list of
files or tables together with the details of the fields contained and constraints of fields at the table
level as well as sort keys, access paths, and data relationships.
The auditor needs this information to ensure the data targeted is clearly identified and located and
that false conclusions will not be derived by interrogating the wrong data or even the correct data
using the wrong file layout.
The auditor will then decide the mode of data transfer to be uti-
lized and how the data will be verified and reconciled after it has been downloaded. At that stage, it
may be possible to decide if any data conversion will be required and what form it should take. As
previously noted, doing direct interrogation on the auditee’s live system carries the disadvantages of
not being reproducible and at the same time placing an overhead on live processing. Once the
planning has been carried out to this stage, the auditor should then be in a position to seek
authorization for download.

Access to Data
Whether the data is to be attained from live systems, reports, or via downloads, the auditor will need
the proper authorities to obtain such information and analyze it in the appropriate way. This may
come from user management, executive management, or IT management, depending on the nature of
the information and the analysis to be performed. Such authorities should always be granted on a
read-only basis. Unless there are exceptional circumstances, the auditor should not have the ability
deliberately, or accidentally, to corrupt or change live data. When such circumstances exist, the
auditor must ensure the appropriate authorization is documented and retained securely.