Audit And Control | Database Management System

Audit And Control: An audit is an analysis of an organization's computer and information systems that evaluates the efficiency, correctness and integrity of its database systems and uncovers potential security weaknesses. Auditing is done to verify that DBMS operations are properly implemented and executed. It is usually done by an external auditor so that the audit process may be fair and unbiased. The computer system audit is increasingly becoming the focal point of independent audits, compliance audits and operational audits. An information system audit can assist in many ways, such as:

  • Improve System and process controls
  • Prevent and detect errors and fraud
  • Reduce risk and enhance system security
  • Plan for contingencies and disaster recovery
  • Manage information and develop systems
  • Prepare for the independent audit
  • Evaluate the effectiveness and efficiency of resource use

An audit trail tracks all the transactions executed concurrently in order to find any leakage or breach in security and any possibility of fraud.

Elements of Information System (IS) or DBMS Audit

An information system is not just a DBMS or a computer. Today's information systems are complex and have many components that fit together to make a business solution. Assurances about an information system can be obtained only if all the components are evaluated and secured. The major elements of an IS audit can be broadly classified as:

1. Physical and environmental review: This includes physical security, power supply, air conditioning, humidity control and other environmental factors.

2. System administration review: This includes security review of the operating systems, database management systems, all system administration procedures and compliance.

3. Application software review: The business application could be payroll, invoicing, a web-based customer order processing system or an enterprise resource planning system that actually runs the business. Review of such application software includes access control and authorizations, validations, error and exception handling, business process flows within the application software and complementary manual controls and procedures. Additionally, a review of the system development life cycle should be completed.

4. Network security review: Review of internal and external connections to the system, perimeter security, firewall review, router access control lists, port scanning and intrusion detection are some typical areas of coverage.

5. Business continuity review: This includes the existence and maintenance of fault-tolerant and redundant hardware, backup procedures and storage, and a documented and tested disaster recovery/business continuity plan.

6. Data integrity review: The purpose of this is scrutiny of live data to verify the adequacy of controls and the impact of weaknesses noticed in any of the above reviews. Such substantive testing can be done using generalized audit software (e.g., computer assisted audit techniques).

Control

'Control is a process established by management to provide reasonable assurance that DBMS or IS objectives will be achieved.'

Control is done to provide assurance to management about:

  • effectiveness of operations
  • economical and efficient use of resources
  • compliance with policies, procedures, laws and regulations
  • safeguarding of assets and interests from losses of all kinds, including those arising from fraud, irregularity or corruption
  • integrity/reliability of information, accounts, data

In simple words, controls are the defined set of rules and procedures established to ensure that the DBMS or IS performs as per the desired objectives. Control starts with the design of the database and the application programs. One of the best methods of control is to divide and delegate responsibilities. This can be achieved by forming separate teams for different jobs.

The integrity control mechanism should also be properly implemented in the database so that every transaction or operation is validated by the DBMS. The user interface must be designed properly to avoid incorrect data entry.
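
The audit trail and the integrity control described above can be sketched with SQLite, as an added example that is not part of the original article. The payroll table, its salary range and all trigger names are constructed for illustration: a CHECK constraint lets the DBMS validate each write, and triggers keep an append-only record of changes.

```python
import sqlite3

# Constructed sample schema (table, column and trigger names are assumptions).
SCHEMA = """
CREATE TABLE payroll (
    emp_id  INTEGER PRIMARY KEY,
    name    TEXT NOT NULL,
    -- Integrity control: the DBMS itself rejects out-of-range values.
    salary  INTEGER NOT NULL CHECK (salary BETWEEN 0 AND 500000)
);
-- Audit trail: one row per change to payroll.
CREATE TABLE payroll_audit (
    audit_id   INTEGER PRIMARY KEY AUTOINCREMENT,
    changed_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP,
    action     TEXT NOT NULL,
    emp_id     INTEGER NOT NULL,
    old_salary INTEGER, new_salary INTEGER
);
CREATE TRIGGER payroll_ins AFTER INSERT ON payroll BEGIN
    INSERT INTO payroll_audit(action, emp_id, old_salary, new_salary)
    VALUES ('INSERT', NEW.emp_id, NULL, NEW.salary);
END;
CREATE TRIGGER payroll_upd AFTER UPDATE OF salary ON payroll BEGIN
    INSERT INTO payroll_audit(action, emp_id, old_salary, new_salary)
    VALUES ('UPDATE', NEW.emp_id, OLD.salary, NEW.salary);
END;
-- The trail itself must not be rewritten or erased.
CREATE TRIGGER audit_no_update BEFORE UPDATE ON payroll_audit BEGIN
    SELECT RAISE(ABORT, 'audit trail is append-only');
END;
CREATE TRIGGER audit_no_delete BEFORE DELETE ON payroll_audit BEGIN
    SELECT RAISE(ABORT, 'audit trail is append-only');
END;
"""

def demo():
    """Run valid and invalid operations; return (audit rows, rejection messages)."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.execute("INSERT INTO payroll VALUES (1, 'A. Clerk', 40000)")
    db.execute("UPDATE payroll SET salary = 42000 WHERE emp_id = 1")
    rejected = []
    for sql in ("UPDATE payroll SET salary = -5 WHERE emp_id = 1",  # bad data
                "DELETE FROM payroll_audit"):                       # tampering
        try:
            db.execute(sql)
        except sqlite3.DatabaseError as exc:
            rejected.append(str(exc))
    trail = db.execute("SELECT action, emp_id, old_salary, new_salary "
                       "FROM payroll_audit ORDER BY audit_id").fetchall()
    return trail, rejected
```

Triggers in the same database can be dropped by anyone with schema rights, so in line with the division of responsibilities above, the account that writes payroll data should not also own the audit table.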