Design Process Diagram
I need help with db auditing models. How do I approach the problem below?
Your company received a request from its most important partner to comply with industry standards, which requires an audit trail of all financial data. Your manager summoned you to her office, explaining this new requirement and assigning you to design the architecture and a high-level auditing model. Compliance requires that all data changes be recorded in the history tables and that the auditing model employ a mechanism to audit any user on demand.
Use a data model or combination of the auditing models to produce the following:
1. the process flow diagram or flowchart of your auditing model
2. the data model of your auditing model
3. identification of all components that will be involved in the auditing model.
I answered a similar question recently, that you might want to review here:
http://answers.yahoo.com/question/index;_ylt=ArN7aC0uYjdeoZfIAr0FPd0jzKIX;_ylv=3?qid=20070920234221AAFUkyN
I am a computer guy, not an auditor.
You are using terminology that I am unfamiliar with.
I don’t know what is meant by an “audit model”
In your question, you refer to “db”
to me, that means “data base”
if that means something different to you, then you should spell out what you mean.
It is one thing in a company to come up with a set of rules to be followed to meet some standard.
It is something entirely different to ENFORCE those standards, be able to prove they are being enforced, to have management authorize the funding to do so.
Both challenges
* the rules
* prove their enforcement
are entirely dependent on the kind of computer or record keeping network system that is in place at the company.
Some rules can not be enforced on certain kinds of computer systems.
It is like you bought a boy scout tent and placed supplies inside, then you are asked to add security, and all you can afford is a padlock to put on the nylon zipper. A lot of computer security is like that. Companies do not want to spend the money to replace the tent with an aluminum shed, and burglar alarm system.
In your example, there is the need for a relational data base of sufficient sophistication that you can put trigger locks on the data to enforce company business rules.
Example … no one is to change any data, unless they are using certain programs on an approved list … and no one is to make any changes to those programs, unless they go through a particular software change control system. This can be enforced by certain combinations of operating systems, middleware, security software, data base structures, such as IBM’s DB2 our UDB (different names in different computer platform environments)
How to execute a process flow diagram