Auditing

Databases
Systems
Barradas, Kathleen
Bauyon, Saira
Ilagan, Jammica
Maguindayao, Joyce
Auditing Database Systems

01 Data Management
Approaches

02 Key Elements of the

Database Environment

03 Databases in a
Distributed Environment

04 Controlling and Auditing

Data Management
Systems
Data Management
Approaches
 The Flat-File Approach

Flat-file approach is most often

01 associated
systems
with so-called legacy

Large mainframe systems that were

02 implements in the 1970s through the
1980s

Data Redundancy 3 Significant Problems

03 Replication of essentially the same data
in multiple files
04 • Data Storage
• Data Updating
• Currency of Information
The Database
Approach
Database Management System (DBMS)

A special software system that is programmed to know which

data elements each user is authorized to access.

centralizes the organization’s data into a common database

that is shared by other users
Key Elements of the
Database Environment
 Database Management System
Each DBMS is unique in the way it accomplishes these objectives, but some typical features include:

Program development Backup and recovery

The DBMS periodically makes
The DBMS contains application backup copies of the physical
development software. database.

Database usage reporting Database access

The most important features of a
This feature captures statistics on DBMS is to permit authorized user
what data are being used, when they access, both formal and informal, to
are used, and who uses them. the database.
Data Definition Language
• A programming language used to
define the database to the DBMS.

Database Views
• Internal View/Physical View. This is the lowest level
of representation, which is one step removed from the
physical database. This internal view describes the
structures of data records, the linkages between files,
and the physical arrangement and sequence of records
in a file.

• Conceptual View/Logical View (Schema). The

schema (or conceptual view) describes the entire
database.

• External View/User View (Subschema). The

subschema or user view, defines the user’s section of
the database- the portion that an individual user is
authorized to access.
 Users
Formal Access: Application Interfaces
User programs, prepared by systems professionals, send data access
requests (calls) to the DBMS, which validates the requests and retrieves
the data for processing.

Data Manipulation Language

Data manipulation language (DML) is the proprietary
programming language that a particular DBMS uses to retrieve,
process, and store data.

Informal Access
This feature allows authorized users to process data independent of
professional programmers by providing a “friendly” environment for
integrating and retrieving data to produce ad hoc management reports.
 Database
Administrator
Responsible for managing the
database resource
 Database Administrator

Operation
Change and
Database Design Implementation and
Growth
Planning Maintenance
Logical Database Determine access Plan for change
Develop policy Evaluate database and growth
organization’s External Users’ performance
database strategy views Implement security Evaluate new
controls Reorganize technology
Define database Internal view of database as user
environment databases Specify test needs demand
procedures
Define data Database controls Review standards
requirements Establish and procedures
programming
Develop data standards
dictionary
 Database Administrator

System
Management
Professionals

End Users Operations

Database
Administrators

Organizational Interactions of the Database Administrator

ANOTHER
FUNCTION
OF DBA
DATA
DICTIONARY
- Describes every data element
in the database
- Enables all users to share a
common view of data resource
This is the lowest level of
the database and the
only level that exists in
physical form.

This consists of magnetic

The
spots on metallic coated
disks.
Physical
Database
The database forms a
logical collection of
records and files that
constitute the firm’s data
resource.
 DATA STRUCTURES : bricks and mortar of the
1 database ; allows records to be located, stored,
retrieved, and enables movement from one
record to another.

DATA ORGANIZATION : the way the records

are physically arranged on the secondary
2
storage device ; this may be either sequential
or random.

DATA ACCESS METHODS: the technique

used to locate records and to navigate through
3 the database ; responds to requests for data
from the user’s application, locates and
retrieves or stores the records.
 Database
Management
System A B C
Models Hierarchical
Model
Network
Model
Relational
Model
 Hierarchical Model
This was a popular method of data
representation because it reflected IBM’s information management
many aspects of an organization that system (IMS) is the prevalent
are hierarchical in relationship. example of hierarchical database.

This model is called Navigational

Database because traversing the files
This shows the detailed file structures
requires following a predefined path.
for a partial database
This is established through explicit
linkages between related records.
Rules governing hierarchical model

artificially A parent record may have one or more

1 child records.
constrained

No child record can have more than

view of data
2 one parent.
relationships

The second rule is often restrictive and limits the

usefulness of the hierarchical model.
The Network Model
01 02
Committee on Integrated
Development of Database
Applied Management
Symbolic System
Languages (IDMS)
(CODASYL)

- network model - most popular

for databases. example of the
network model
The Relational Model
1. All occurrences at the intersection of a row and a column are single value.
No multiple values allowed.

2. Attribute values in any column must all be of the same class

3. Each column is uniquely named. Different columns may

contain columns with same name

4. Each row in the table must be unique in at least

one attribute. This attribute is the primary key.

Relational Model has formal foundation in “relational

algebra” and “set theory” providing the theoretical basis for
most of the manipulation operations used.
Databases in a
Distributed Environment
Centralized Databases
Remote IT units send requests for
data to central site which processes
the requests and transmits the data
back to the requesting IT unit.

Central Site performs functions of a

file manager that services the data
needs of the remote sites.

Data Currency in a DDP Environment

• Data processing account balances pass
through a state of temporary inconsistency
where values are incorrectly stated
• Occurs during execution of transaction
 Distributed Databases
Partitioned Databases Approach
- splits the central database into segments or partition that are distributed to primary users

Advantages
• Data stored at local sites increases user’s control

• Transaction processing response time is improved

• Can reduce potential effects of a disaster

The Deadlock Phenomenon Deadlock Resolution

It is possible for multiple sites to lock out each other terminating one or more transactions to complete
from the database processing of the other transactions in the deadlock

Deadlock- is a permanent condition that must be

resolved by a special software
 Replicated Databases
Effective in companies where there exists a high degree of data sharing but no
primary user.

Primary justification is to support read- only queries

With data replicated at every site, data access for query purposes is ensured and
lockouts and delays due to data traffic are minimized
Concurrency Control
• Presence of complete and accurate data at all user sites

• Serialized Transaction most commonly uses concurrency

control
 Database Distribution Method and the Accountant

Some of the most basic

questions to be addressed:

1. Should the organization’s data be 2. If data distribution is desirable,

centralized or distributed? should the databases be
replicated or partitioned?

3. If replicated, should the databases 4. If the database is to be partitioned,

be totally replicated or partially how should the data segments be
replicated? allocated among the sites?
Controlling and
Auditing Data
Management Systems
Controls over data management systems fall into two general categories:
access controls and backup controls.

Access Controls Backup Controls

are designed to prevent ensure that in the event of

unauthorized individuals data loss due to unauthorized
from viewing, retrieving, access, equipment failure, or
corrupting, or destroying physical disaster the
the entity’s data. organization can recover its
database.
Access Controls
Users of flat files maintain exclusive ownership of their data. In spite of the data
integration problems associated with this model, it creates an environment in which
unauthorized access to data can be effectively controlled.

In the shared database environment, access control risks include corruption, theft,
misuse, and destruction of data. These threats originate from both unauthorized intruders
and authorized users who exceed their access privileges. Several control features are now
reviewed.
User Views

The user view

or subschema is a
subset of the total
database that defines
the user’s data
domain and provides
access to the
database
 Database Authorization Table- contains
rules that limit the actions a user can take. This
technique is similar to the access control list
used in the operating system.

User-Defined Procedures- allows the user to

create a personal security program or routine to
provide more positive user identification than a
single password.

Data Encryption- Database systems also use encryption procedures to protect highly sensitive stored
data, such as product formulas, personnel pay rates, password files, and certain financial data thus making
it unreadable to an intruder “browsing” the database.
 Biometric Devices

The ultimate in user authentication procedures is

the use of biometric devices, which measure various
personal characteristics, such as fingerprints, voice prints,
retina prints, or signature characteristics.

When an individual attempts to access the database, a special scanning device captures his or her biometric
characteristics, which it compares with the profile data stored on file or the ID card.
Inference Controls
Inference controls attempt to prevent three types of compromises to the database.

1. Positive compromise- the user determines the specific value of a data item.

2. Negative compromise- the user determines that a data item does not have a specific
value.

3. Approximate compromise- the user is unable to determine the exact value of an item
but is able to estimate it with sufficient accuracy to violate the confidentiality of the data.
 Audit Objective Relating to Database Access
• Verify that database access authority and privileges are granted to users in
accordance with their legitimate needs.

Audit Procedures for Testing Database Access Controls

• Responsibility for Authority Tables and Subschemas

The auditor should verify that database administration (DBA) personnel
retain exclusive responsibility for creating authority tables and designing user views.
Evidence may come from three sources:
(1) By reviewing company policy and job descriptions, which specify these technical
responsibilities
(2) By examining programmer authority tables for access privileges to data definition
language (DDL)
(3) Through personal interviews with programmers and DBA personnel
 Audit Procedures for Testing Database Access Controls (continuation)

• Appropriate Access Authority

The auditor can select a sample of users and verify that their access
privileges stored in the authority table are consistent with their job descriptions
organizational levels.

• Biometric Controls
The auditor should evaluate the costs and benefits of biometric controls.

• Inference Controls
The auditor should verify that database query controls exist to prevent
unauthorized access via inference.

• Encryption Controls
The auditor should verify that sensitive data, such as passwords, are
properly encrypted.
Backup Controls

Data can be corrupted and

destroyed by malicious acts from external
hackers, disgruntled employees, disk
failure, program error fires, floods, and
earthquakes. To recover from such
disasters, organizations must implement
policies, procedures and techniques that
systematically and routinely provide
backup copies of critical files.
Backup Controls in the Flat-File Environment

• GPC Backup Technique

The backup procedure begins when the current master file (the parent) is processed against the
transaction file to produce a new updated master file (the child). With the next batch of transactions, the child
becomes the current master file (the parent), and the original parent becomes the backup (grandparent) file.
The new master file that emerges from the update process is the child. This procedure is continued with each
new batch of transactions, creating generations of backup files. When the desired number of backup copies is
reached, the oldest backup file is erased (scratched). If the current master file is destroyed or corrupted,
processing the most current backup file against the corresponding transaction file can reproduce it.
The systems designer determines the number of backup master files needed for each application.
Two factors influence this decision: (1) the financial significance of the system and (2) the degree of file
activity.
• Direct Access File Backup
Data values in direct access file are changed in
place through a process called destructive replacement.
Therefore, once a data value is changed, the original value is
destroyed, leaving only one version (the current version) of
the file. To provide backup, direct access file must be copied
before being updated.
The timing of the direct access backup procedures
will depend o the processing method being used. Backup of
files in batch systems is usually scheduled prior to the update
process. Real-time systems pose a more difficult problem.
• Off-Site Storage
As an added safeguard, backup files created under
both the GPC and direct access approaches should be stored
off-site in a secure location.
Audit Objective Relating to Flat-File Backup

• Verify that backup controls in place are effective in

protecting data files from physical damage, loss,

accidental erasure, and data corruption through

system failures and program errors.

Audit Procedures for Testing Flat-File Backup Controls

• Sequential File (GPC) Backup. The auditor should select a

sample of systems and determine from the system documentation
that the number of GPC backup files specified for each system is
adequate.
• Backup Transaction Files. The auditor should verify through
physical observation that transaction files used to reconstruct the
master files are also retained.
• Direct Access File Backup. The auditor should select a sample
of applications and identify the direct access files being updated in
each system.
• Off-Site Storage. The auditor should verify the existence and
adequacy of off-site storage.
Backup Controls in the Database Environment

• Backup. The backup feature makes a periodic backup of the entire database. This is an automatic
procedure that should be performed at least once a day.

• Transaction Log (Journal). The transaction log feature provides an audit trail of all processed
transactions.

• Checkpoint Feature. The checkpoint facility suspends all data processing while the system
reconciles the transaction log and the database change log against the database.

• Recovery Module. The recovery module uses the logs and backup files to restart the system after a
failure.
Audit Objective Relating to Database Backup

• Verify that controls over data resource are sufficient to preserve the integrity
and physical security of the database.

Audit Procedures for Testing Database Backup Controls

• The auditor verify that backup is performed routinely and frequently to

facilitate the recovery of lost, destroyed, or corrupted data without excessive
reprocessing.
• The auditor should verify that automatic backup procedure are in place and
functioning, and that copies of the database are stored off-site for further
security.
Thank you!!!