DATA MANAGEMENT SYSTEMS

Data Management System is a complex set of software programs that control the organization,
storage and retrieval of data in a database. It also controls the security and integrity of the
database.

FLAT FILE.A flat file is a data file that does not contain links to other files or is a non-relational
database.

Separate data sets for each user leads to data redundancy which causes problems with:

• Data storage: Commonly used data duplicated multiple times within the organization.
• Data updating: Changes must be made separately for each user. If updating fails problem of
currency of information with users having outdated information.
• Task-data dependency: Users cannot obtain additional information as needs change.

DATABASE APPROACH

Access to the data resource is controlled by a database management system (DBMS). It is a set
of formally described tables from which data can be accessed or reassembled in many different
ways without having to reorganize the database tables.

DATABASE MANAGEMENT SYSTEM

- It is a repository or a container for collection of computerized data files. The overall

purpose of DBMS is to allow the users to define, store, retrieve and update the
information contained in the database on demand. 

Sector Use of DBMS

For customer information, account activities,
Banking
payments, deposits, loans, etc.
Airlines For reservations and schedule information.
For student information, course registrations,
Universities
colleges and grades.
It helps to keep call records, monthly bills,
Telecommunication
maintaining balances, etc.
For storing information about stock, sales, and
Finance purchases of financial instruments like stocks
and bonds.
Use for storing customer, product & sales
Sales
information.
It is used for the management of supply chain
Manufacturing and for tracking production of items. Inventories
status in warehouses.
For information about employees, salaries,
HR Management
payroll, deduction, generation of paychecks, etc.
Features:

 Program Developments:the DBMS contains application development software. Both

programmers and end users may employ this feature to create application to access the
database.
 Backup and Recovery:Backup and recovery refers to the process of backing up data in
case of a loss and setting up systems that allow that data recovery due to data loss.
Backing up data requires copying and archiving computer data, so that it is accessible in
case of data deletion or corruption. 
 Database Usage Reporting: this captures the statistics on what data are being used,
when they are used, and who uses them. This information is used by the database
administrator (DBA) to help assign user authorization and maintain the database.
 Database Access: most important features of DBMS is to permit authorized user access
both formal and informal.

DATA DEFINITION LANGUAGE

- deals with descriptions of the database schema and is used to create and modify the
structure of database objects in the database.

Examples of DDL commands:

- CREATE – is used to create the database or its objects (like table, index, function,
views, store procedure and triggers).
- DROP – is used to delete objects from the database.
- ALTER-is used to alter the structure of the database.
- TRUNCATE–is used to remove all records from a table, including all spaces allocated
for the records are removed.
- COMMENT –is used to add comments to the data dictionary.
- RENAME –is used to rename an object existing in the database.

Three Viewing Level of DDL

 Physical View- The physical view deals with the actual, physical arrangement and
location of data in the direct access storage devices. Database specialists use the
physical view to make efficient use of storage and processing resources. 
 It is used for the detailed programming of the database.
 Logical View- used to make the users life easier; each user can decide what they want
to view and how they want to view items on a database. Not only can each individual
chose what logical view they would like, but also they can set that view up as the
default.All users do not need to view all areas of the database, only the areas that
pertain to their job. This eliminates the extra information that the specific user will not
need.

 External View/User View (Subschema)-the portion that an individual user is authorized

to access.
  It is the view that the customer would see.

For example:
A bookkeeping firm will keep Accounts Receivable Records and Accounts Payable
Records. The business keeps the checks and balance system in place they will have
 one employee for the Accounts Receivables (AR) and another employee for the
Accounts Payable (AP). The accounts receivable clerk does not need to see the checks
that are being cut by the accounts payables clerk because it does not pertain to the
accounts receivable clerks’ job. The accounts receivable clerk will set their logical view
to show the Customer Number and maybe the customers balance due. This helps the
accounts receivable clerk view only what he/she needs and makes the database less
complicated. The accounts payables clerk does not need to view which customers owe
and what their balances due are. The accounts payables clerk only needs to know the
bank balance and the invoices that need to be paid. So the accounts payables clerk at
this time will set their logical view to only view the tables they need.

DATA MANIPULATION LANGUAGE

- It is a computer programming language used for adding (inserting), deleting and

modifying (updating) data in a database
- Example:
o INSERT: used to insert data into a tables
o UPDATE: used to update existing data within a table
o DELETE: used to delete records from a database table

DATA QUERY LANGUAGE

- The query capability permits end users and professional programmers to access data in
the database without the need for conventional programs.
o Can be an internal control issue since users may be making an ‘end run’ around
the controls built into the conventional programs
- Used to retrieve the data from database
- Example: SELECT: used to retrieve data from the database
-
Structured Query Language (SQL)

- Is a standard computer language for relational database management and data

manipulation
- Used to query, insert, update and modifying data.
- Some of The Most Important SQL Commands

 SELECT - extracts data from a database

 UPDATE - updates data in a database
 DELETE - deletes data from a database
 INSERT INTO - inserts new data into a database
 CREATE DATABASE - creates a new database
 ALTER DATABASE - modifies a database
 CREATE TABLE - creates a new table
 ALTER TABLE - modifies a table
 DROP TABLE - deletes a table
 CREATE INDEX - creates an index (search key)
 DROP INDEX - deletes an index
DATABASE ADMINISTRATOR

- primary job is to ensure that data is available, protected from loss and corruption, and
easily accessible as needed
- The TOP responsibility of DBA professional is to maintain data integrity.
- The sharing of a common database by, multiple users requires organization
coordination, rules and guidelines to protect the integrity of the database.

Three main models of DATABASE CONCEPTUAL MODELS

 Hierarchical Database
o In a Hierarchical database, model data is organized in a tree-like structure. Data
is Stored Hierarchically (top down or bottom up) format. Data is represented
using a parent-child relationship. In Hierarchical DBMS parent may have many
children, but children have only one parent.
 Network Model
o The network database model allows each child to have multiple parents. It helps
you to address the need to model more complex relationships like as the
orders/parts many-to-many relationship. In this model, entities are organized in a
graph which can be accessed through several paths.
 Relational Model
o Relational DBMS is the most widely used DBMS model because it is one of the
easiest. This model is based on normalizing data in the rows and columns of the
tables. Relational model stored in fixed structures and manipulated using SQL.

THE PHYSICAL DATABASE

 A physical database is both the actual device housing the information files and the
search paths used to access information between each source. 
 A physical database is technically a smaller unit of storage referred to as either a
company, field, record or table, depending on how much information the physical
storage device contains
a. Data Structures

o Allows records to be located, stored, and retrieved

o Two fundamental components: organization and access methods

b. Data Organization

o The way records are physically arranged on the secondary storage device
o Either sequential or random

c. Data Access Methods

a. Technique used to locate records and to navigate through the database

DATABASE TERMINOLOGY
  Data Attribute/Field: a single item of data, such as customer’s name, account balance,
or address
 Entity: is a database representation of an individual resource, event, or agent about
which we choose to collect data.
 Record Type: table or file
 Database:set of record types that an organization needs to support its business
processes.
 Associations:Record types that constitute a database exist in relation to other types.
 Cardinality – the degree of association between two entities
o The number of possible occurrences in one table that are associated with a
single occurrence in a related table
o Used to determine primary keys and foreign keys

CENTRALIZED DATABASES IN DPP ENVIRONMENT

 Retaining the data in a central location

 Remote IT units send request for data to the site which processes the request and
transmits the data back to the requesting IT unit.

ADVANTAGES DISADVANTAGES
Cost reductions Loss of control
Improved cost control responsibility Mismanagement of resources
Improve users satisfactions Hardware and software incompatibility
Redundant task and data consolidating
Back up of data can be improved
incompatible tasks
Difficulty attracting qualified personnel
Lack of standards

DATA CURRENCY

 Database lockout procedures are necessary to keep IPU’s from reading inconsistent
data and from writing over a transaction being written by another IPU.
 During data processing account balances pass through as state of temporary
inconsistency where their values are incorrectly stated. This occurs during the execution
of a transaction.

DISTRIBUTED DATABASES

a) Partitioning
o Splits the central database into segments or partitions that are distributed to their
primary users
o Works best for the organizations that requires minimal data sharing among
distributed IT units.
 Deadlock Phenomenon
o Multiply sites to lock out each other from the database thus preventing each from
processing each transaction.
 Deadlock resolution
o Usually involves terminating one or more transactions to complete processing of
the other transactions in the deadlock.
 oFactors to be considered:
 Resources currently invested in the transaction
 Transactions stage of completion
 The number of deadlocks associated with the transaction
b) Replication
o Effective in companies where there exists a high degree of data sharing but no
primary users.
o Since, common data are replicated at each IT unit site, the data traffic between
sites is reduced considerably.
 Concurrency Control
o Database concurrency is the presence of complete and accurate data at all users
site.
o Concurrency method is a serialize transactions which involves labeling each
transactions by two criteria.
 Special software group transactions into classes to identify potential
conflicts.
 Time-stamp each transaction. Each time-stamp is made by incorporating
the sites ID number.

DATABASE DISTRIBUTION METHOD AND THE ACCOUNTANT

 Questions to be addressed:
 Should the organization’s data be centralized or distributed?
 If data distribution id desirable, should the databases be replicated or portioned?
 If replicated, should the database be totally be replicated or partially replicated?
 If the database is to be portioned, how should the data segments be allocated
among the sites?

CONTROLLING AND AUDITING DATA MANAGEMENT SYSTEMS

Controls over data management systems fall into two general categories: access controlsand
backup controls. Access controls are designed to prevent unauthorized individualsfrom viewing,
retrieving, corrupting, or destroying the entity’s data. Backup controlsensure that in the event of
data loss due to unauthorized access, equipment failure, orphysical disaster the organization
can recover its database.

1. Access Controls- Users of flat files maintain exclusive ownership of their data. In spite
of the data integrationproblems associated with this model, it creates an environment in
which unauthorizedaccess to data can be effectively controlled. When not in use by the
owner, a flatfile is closed to other users and may be taken off-line and physically secured
in the datalibrary. In contrast, the need to integrate and share data in the database
environmentmeans that databases must remain on-line and open to all potential users.
a. User Views- The user view or subschema is a subset of the total database
that defines the user’s datadomain and provides access to the database.
b. Database Authorization Table- The database authorization table contains
rules that limit the actions a user can take. Thistechnique is similar to the
access control list used in the operating system. Each user isgranted certain
privileges that are coded in the authority table, which is used to verify
theuser’s action requests.
 c. User-Defined Procedures- A user-defined procedure allows the user to create
a personal security program or routineto provide more positive user
identification than a single password. Thus, in additionto a password, the
security procedure asks a series of personal questions (such as theuser’s
mother’s maiden name), which only the legitimate user should know.
d. Data Encryption- the use of encryption for protecting data that are transmitted
over communications lines. Database systems also use encryption
procedures to protect highlysensitive stored data, such as product formulas,
personnel pay rates, password files, andcertain financial data thus making it
unreadable to an intruder “browsing” the database.
e. Biometric Devices- The ultimate in user authentication procedures is the use
of biometric devices, whichmeasure various personal characteristics, such as
fingerprints, voice prints, retina prints,or signature characteristics. These user
characteristics are digitized and stored permanentlyin a database security file
or on an identification card that the user carries.

Audit Procedures for Testing Database Access Controls

1. Responsibility for Authority Tables and Subschemas. The auditor should verifythat
database administration (DBA) personnel retain exclusive responsibility for
creatingauthority tables and designing user views. Evidence may come from three
sources: (1) byreviewing company policy and job descriptions, which specify these
technical responsibilities;(2) by examining programmer authority tables for access
privileges to datadefinition language (DDL) commands; and (3) through personal
interviews with programmersand DBA personnel.
2. Appropriate Access Authority. The auditor can select a sample of users and verifythat
their access privileges stored in the authority table are consistent with their
jobdescriptions organizational levels.
3. Biometric Controls. The auditor should evaluate the costs and benefits of
biometriccontrols. Generally, these would be most appropriate where highly sensitive
data areaccessed by a very limited number of users.
4. Inference Controls. The auditor should verify that database query controls exist to
preventunauthorized access via inference. The auditor can test controls by simulating
access bya sample of users and attempting to retrieve unauthorized data via inference
queries.
5. Encryption Controls. The auditor should verify that sensitive data, such as
passwords,are properly encrypted. Printing the file contents to hard copy can do this.

Backup Controls in the Database Environment- Since data sharing is a fundamental objective of
the database approach, this environment isparticularly vulnerable to damage from individual
users. One unauthorized procedure, onemalicious act, or one program error can deprive an
entire user community of its information
resource. Also, because of data centralization, even minor disasters such as a disk failure
canaffect many or all users. When such events occur, the organization needs to reconstruct
thedatabase to pre-failure status. This can be done only if the database was properly backed up
inthe first place.

1. Backup. The backup feature makes a periodic backup of the entire database. This isan
automatic procedure that should be performed at least once a day. The backup
copyshould then be stored in a secure remote area.
 2. Transaction Log (Journal). The transaction log feature provides an audit trail ofall
processed transactions. It lists transactions in a transaction log file and records
theresulting changes to the database in a separate database change log.
3. Checkpoint Feature. The checkpoint facility suspends all data processing while
thesystem reconciles the transaction log and the database change log against the
database. Atthis point, the system is in a quiet state. Checkpoints occur automatically
several times anhour. If a failure occurs, it is usually possible to restart the processing
from the last checkpoint.Thus, only a few minutes of transaction processing must be
repeated.
4. Recovery Module. The recovery module uses the logs and backup files to restart
thesystem after a failure.

Audit Procedures for Testing Database Backup Controls

 The auditor should verify that backup is performed routinely and frequently to facilitate
the recovery of lost, destroyed, or corrupted data without excessive
reprocessing.Production databases should be copied at regular intervals (perhaps
severaltimes an hour). Backup policy should strike a balance between the
inconvenienceof frequent backup activities and the business disruption caused by
excessive reprocessingthat is needed to restore the database after a failure.
 The auditor should verify that automatic backup procedures are in place and functioning,
and that copies of the database are stored off-site for further security.