(a) One of the reasons for adopting a database as a basis f or an information system is to enhance data/program independence.
(i) Explain the importance of data/program independence.
(ii) Recommend suitable security features that need to be instituted in a database environment where many transactions take place concurrently such as a bank.
Examine the factors which may complicate the audit of computerised systems
(c)What implementation problems are likely to occur if proper documentation was not produced during program design?
a) Data/ program independence
This refers to the independence between data stored in files and the software programs required to update and maintain those files.
(i) Importance of data/program independence:
It enables changes to a database to be implemented easily. For instance, in a system changes in data such as tax rates or ZIP code length do not require changes to the programs that access the data.
(ii) Security features that need to be instituted:
1. Backup and recovery procedures to enable recovery from system failure.
2. Authorization- To prevent unauthorized access to data. Authorization may be throughusernames and passwords.
3. Transaction locks i.e. writhe locks and read locks. These prevent the problem of lostupdates (situation that arises when two or more programs try to update a database concurrently but the resultant update is incorrect)
o Checkpoints and journals. A checkpoint is a ―snapshot‖ of the database before it was updated a program(s). A journal holds the details of subsequent updates to a database. Checkpoints and journals assist in recovery from system failure.
p Provision of different views of the database for different categories of users in order to limit access to sensitive data.
q Encryption –Coding of data special algorithm that renders them unreadable without decryption. Encryption prevents unauthorized access to sensitive data.
b) Information systems audit
This is an activity aimed at reviewing and evaluating whether proper and adequate information system controls, procedural controls, and physical facility controls have been developed and implemented. The scope of an information systems audit includes:
o Budgeting and finance
o New systems development
o Data security and privacy o Recovery
Factors that may complicate the audit of computerized systems:
1. Large system size
A large system size implies that each scope of the audit will have many subsets of activities. This necessitates proper planning and scheduling of the activities. Therefore a large system size makes the audit long.
2. Absence of software to assist in the audit.
This would mean that the entire audit would have to be manual. This is tedious.
3. Uncooperative staff (Information systems staff)
The information systems auditor will be required to interview information systems staff concerning the use of the system i.e. the activities and procedures involved. Uncooperative staff would complicate the task of the auditor.
4. Complex organizational structure
The MIS auditor is required to have a thorough understanding of the organizational structure before performing an audit. This is because the organizational structure largely determines information flows within the organization and thus the audit. A complex organizational structure would thus complicate the work of the auditor.
5. Many system interfaces
A system interface is a point where two systems meet and share inputs and outputs. Numerous system interfaces make it difficult to trace system inputs and outputs during sample transactions.
c) Implementation problems:
1. Poor programs due to poor pseudocode, flowcharts, decision tables.
2. Inappropriate hardware due to poor hardware specifications.
3. Poor error handling and recovery procedures in the implemented system because of poor technical documentation.
4. Incompatible software due to poor software specifications.