Skip to main content
SpringerLink
Log in

Database audit and control strategies

  • Published:
Information Technology and Management Aims and scope Submit manuscript

Abstract

Database management systems are the primary tools of automated record keeping, reporting, auditing, and control. Although they have significantly improved the efficiency and speed of record keeping, the ability to detect errors and maintain quality has not kept pace. There are three major strategies of error detection, auditing, and control to maintain integrity. The three strategies are introduced, and compared in terms of efficiency and effectiveness in eliminating errors. The optimum timing of audits under each strategy is computed. One strategy is shown to be completely dominated by the others. Hybrid strategies involving various combinations of the three pure strategies are introduced, and their performance computed. Hybrid strategies are shown to outperform the pure strategies under most realistic conditions. Finally, optimum audit strategies are devised, and their parameters computed.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. T. Amer, A.D. Bailey and P. De, A review of the computer information systems research related to accounting and auditing, Journal of Information Systems 1 (1987) 3–28.

    Google Scholar 

  2. D.P. Ballou and H.L. Pazer, Designing information systems to optimize the accuracy-timeliness tradeoff, Information Systems Research 6 (1995) 56–82.

    Google Scholar 

  3. D.P. Ballou and H.L. Pazer, Modeling data and process quality in multi-input multi-output information systems, Management Science 31(2) (1985) 150–162.

    Google Scholar 

  4. P.A. Bernstein, V. Hadzilacos and N. Goodman, Concurrency Control and Recovery in Database Systems (Addison-Wesley, 1986).

  5. M.J. Cerullo, General controls in computer systems, Computers and Security 4 (1985) 33–45.

    Google Scholar 

  6. E. Cinlar, Introduction to Stochastic Processes (Prentice-Hall, 1975).

  7. R.B. Cooper, Introduction to Queuing Theory (Ceepress Books, 1990).

  8. C.J. Date, An Introduction to Database Systems (Addison-Wesley, 1995).

  9. G.B. Davis and R.Weber, The impact of advanced computer systems on controls and audit procedures: A theory and empirical test, Auditing: A Journal of Practice and Theory 46 (1986) 1–28.

    Google Scholar 

  10. J. Gray and A. Reuter, Transaction Processing: Concepts and Techniques (Morgan Kaufmann, 1993).

  11. S.M. Groomer and U.S. Murthy, Continuous auditing of database applications: An embedded audit module approach, Journal of Information Systems 3 (1989) 53–69.

    Google Scholar 

  12. H.S. Koch, Auditing on-line systems: An evaluation of parallel versus continuous and intermittent simulation, Computers and Security 3 (1984) 9–19.

    Google Scholar 

  13. K.C. Laudon, Data quality and due process in large interorganizational record systems, Communications of ACM 29(1) (1986) 4–11.

    Google Scholar 

  14. W. McCune and L. Henschen, Maintaining state constraints in relational databases, Journal of ACM 36(1) (1989) 266–291.

    Google Scholar 

  15. R.C. Morey, Estimating and improving the quality of information in MIS, Communications of ACM 25(5) (1982) 337–342.

    Google Scholar 

  16. A. Motro, Integrity = validity + completeness, ACMTransactions on Database Systems 14(4) (1989) 480–502.

    Google Scholar 

  17. L.V. Orman, A model management approach to business process reengineering, Journal of MIS 15(1) (1998) 187–212.

    Google Scholar 

  18. L.V. Orman, Differential relational calculus for integrity maintenance, IEEE Transactions on Knowledge and Data Engineering 10(2) (1998) 328–341.

    Google Scholar 

  19. D.G. Paradise and W.L. Fuerst, An MIS data quality methodology based on optimal error detection, Journal of Information Systems 5(1) (1991) 48–66.

    Google Scholar 

  20. T.L. Redman, Data Quality: Management and Technology (Bantam Books, 1992).

  21. T.L. Saaty, Elements of Queuing Theory (McGraw-Hill, 1961).

  22. A. Segev and J.L. Zhao, Rule management in expert database systems, Management Science 40(6) (1994) 685–707.

    Google Scholar 

  23. R.Y. Wang, V.C. Storey and C.P. Firth, A framework for the analysis of data quality research, IEEE Transactions on Knowledge and Data Engineering 7(4) (1995) 623–639.

    Google Scholar 

  24. Y. Wand and R. Weber, A model of control and audit procedure change in evolving data processing systems, Journal of Accounting Research 11(3) (1989) 273–295.

    Google Scholar 

  25. R. Weber, EDP Auditing: Conceptual Foundations and Practices (Prentice-Hall, 1988).

Download references

Author information

Authors and Affiliations

  1. Cornell University, Sage Hall, Ithaca, NY, 14853, USA

    Levent V. Orman

Authors
  1. Levent V. Orman
    View author publications

    You can also search for this author in PubMed Google Scholar

Rights and permissions

Reprints and permissions

About this article

Cite this article

Orman, L.V. Database audit and control strategies. Information Technology and Management 2, 27–51 (2001). https://doi.org/10.1023/A:1009930720090

Download citation

  • Issue Date:

  • DOI: https://doi.org/10.1023/A:1009930720090

Search

Navigation