Circle Company has asked you to submit a contract bid to render a professional opinion concerning the operation and control of the company’s database system. A centralized database is maintained, and these data are shared by all users. Users access the database using remote data terminals. All access to the database is controlled by a database software system. The information technology (IT) department includes a manager of operations and a manager of computer programming. Both these managers report to the head of the IT department. The head of the IT department reports to the controller. You visit the company to make a preliminary survey and review of the operation and control of the database system. During your visit to Circle, you review some of the database system documentation, observe some data terminal usage of the system, observe the operation of the IT department, and interview the head of the IT department. At the end of a very busy day, you return home with the following notes:
a. Access to online data terminals is not restricted. Any type of transaction may be input from any terminal.
b. Documentation of the database system is extensive. Complete system documentation is available to users and to IT personnel.
c. The database software maintains a user authorization table. User passwords and access codes are assigned by user management and approved by the manager of computer programming.
d. The database dictionary was established and is controlled by the manager of computer programming. Changes to data definitions are approved by users.
e. The database software maintains a transactions- conflict matrix. User requests for data are validated against this matrix to ensure that users receive only authorized data.
f. Users must enter their passwords when signing on the system. Terminal activity logs are maintained for backup and control purposes.
g. Terminal input is edited for reasonableness and completeness. Transaction control totals are developed, and transaction logs are maintained.
h. Processing control totals are developed and reconciled with changes in the database.
i. Output is reconciled with transaction and input control totals. Printed output is placed in a bin outside the IT room, where users pick it up at their convenience.
j. Backup copies of the database are made daily and stored in the file library area. Access to the file library area is restricted to IT personnel.

Several days after your visit, you are reviewing your notes to prepare a written proposal to perform a controls review for Circle Company. What is your preliminary opinion concerning the operation of their database system?

  • CreatedFebruary 26, 2015
  • Files Included
Post your question