IT3 - Auditing Databases

Module Objectives

Today's IS auditor is increasingly being faced with a multiplicity of database management systems (DBMSs). Since each of these affects not only the control concerns of the IS systems due to the concentration of risk, but also the control and audit opportunities due to the increased control and audit tools, it has become critical that auditors understand their role and criticality.

This one-day, module is designed as an intermediate course to introduce auditors to the risks and exposures specific to a business operating in a Database Environment and indicates the unique control opportunities as well as the wide range of audit tools available.

By the end of this module the attendee will be able to:

• Identify the differing types of database structures, their principal components, and the threats to them
• Relate DBMS components to the operating system environment in which they operate
• Identify potential control opportunities and select among control alternatives
• Recognise vulnerabilities in multiple DBMS environments and make appropriate recommendations
• Select the appropriate audit tool and technique to meet a given audit objective

Module content

The module will cover the following areas:

• Database types
• Sequential
• Hierarchical
• Network
• Inverted File Structures
• Relational Models
• Control opportunities in a database environment
• Database tools and techniques
• Auditing IMS; IDMS; ADABAS; DB2; DATACOM; Oracle;Access

Who should attend

The module is aimed primarily at auditors, both internal and external, who are auditing within a database environment.