Thursday, 11 March 2010

Information System/Information Technology Audit

An information technology (IT) audit or information systems (IS) audit is an examination of the controls within an entity’s information technology infrastructure. These reviews may be performed in conjunction with a financial statement audit, internal audit, or other form of attestation engagement. Formerly called an electronic data processing (EDP) audit, an IT audit is the process of collecting and evaluating evidence of an organization’s information systems, practices, and operations. Evaluating the evidence obtained determines whether the organization’s information systems safeguard assets, maintain data integrity, and operate effectively and efficiently to achieve the organization’s goals or objectives. IT audits are also known as automated data processing (ADP) audits and computer audits.

Purpose

An IT audit is not entirely similar to a financial statement audit. An evaluation of internal controls may or may not take place in an IT audit. Reliance on internal controls is a unique characteristic of a financial audit. An evaluation of internal controls is necessary in a financial audit in order to allow the auditor to place reliance on the internal controls and, therefore, substantially reduce the amount of testing necessary to form an opinion regarding the financial statements of the company. An IT audit, on the other hand, tends to focus on determining risks that are relevant to information assets, and on assessing controls in order to reduce or mitigate these risks. An IT audit may take the form of a “general control review” or an “application control review”. Regarding the protection of information assets, one purpose of an IT audit is to review and evaluate an organization’s information system’s availability, confidentiality, and integrity by answering questions like:
• Will the organization’s computer systems be available for the business at all times when required? (Availability)
• Will the information in the systems be disclosed only to authorized users? (Confidentiality)
• Will the information provided by the system always be accurate, reliable, and timely? (Integrity)

Types of IT Audits

Systems and Applications: an audit to verify that systems and applications are appropriate to the entity’s needs, are efficient, and are adequately controlled to ensure valid, reliable, timely, and secure input, processing, and output at all levels of a system’s activity.

Information Processing Facilities: an audit to verify that the processing facility is controlled to ensure timely, accurate, and efficient processing of applications under normal and potentially disruptive conditions.

Systems Development: an audit to verify that the systems under development meet the objectives of the organization, and to ensure that the systems are developed in accordance with generally accepted standards for systems development.

Management of IT and Enterprise Architecture: an audit to verify that IT management has developed an organizational structure and procedures to ensure a controlled and efficient environment for information processing.

Client/Server, Telecommunications, Intranets, and Extranets: an audit to verify that controls are in place on the client (computer receiving services), server, and on the network connecting the clients and servers.

IT Audit Process

The following are basic steps in performing the Information Technology Audit Process:
• Planning
• Studying and Evaluating Controls
• Testing and Evaluating Controls
• Reporting
• Follow-up

source: http://sisteminformasi.wordpress.com/2007/01/23/it-audit/

Monday, 15 February 2010

Creating High-Performance Database Applications with Java Triggers and the Oracle Database

As application developers, we're always challenged with new problems to solve for our customers and stakeholders. Whether you're creating desktop, enterprise, or SOA applications, you will often face the need to persist data to some sort of datastore. Although there are other options, most developers choose to use a relational database to persist data, as well as to store application state.

SQL is a great language for selecting, inserting, and updating data in the database, but it's not well suited for handling things when a particular part of your application changes state, and you need to do something about it. What do I mean by that? Let's take a look at some common, everyday examples of state changes that should be familiar to everyone.

I'm referring to any changes in state within an application, such as:

1. For an HR application, when an employee is terminated from a company, all the user accounts need to be disabled.

2. For a vehicle dealership application, after 3 years of ownership, your new vehicle's warranty expires.

3. For a health coverage application, when your dependent turns 25, then he/she is no longer covered by your health insurance.

4. For a credit account application, when you miss a payment on your credit card, then the interest rate changes from normal to default status.

So, in a typical three tier application, as shown in Figure 1 below, most developers will move all the logic to the 2nd tier (note that for a desktop app, the 1st and 2nd tiers are combined) to monitor state changes, and to act accordingly.

So, for Java developers, this means that you will need to spin up a thread that will periodically poll the database to determine if any changes in state occur. As with any polling application, the question immediately arises: 'How often should I poll?' If you poll the database too frequently, then you're consuming precious resources (such as CPU cycles, heap space, and a db connection) that could be used by the rest of the application. However, if you don't poll your database often enough, then you may have unwanted side-effects in your application because it's not responsive enough. For instance, if you're using a database to maintain the employment status of employees in a corporation, then polling the database every 24 hours means a terminated employee could keep access to corporate resources for up to an entire day.

Therefore, the purpose of this article is to show developers how to completely eliminate the necessity for polling databases for state changes. I want to show you how to create Java triggers in the Oracle database that handle state changes by themselves.

Wait, There's a JVM Inside the Oracle Database?

Yes, there's a JVM inside the Oracle database. Yes, it's been there for years — in fact, since the days of Oracle 8i. Yes, it's available for application developers to use in their own applications -- and yes, you can achieve a performance improvement by utilizing it. How much of an improvement? Some tests have shown that JDBC operations utilizing the internal OracleJVM compared to an external JVM can increase performance by 600%, which is quite impressive.
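The HR case from the list above (employee terminated, user accounts disabled) written as a Java trigger, added here as an example rather than code from the original article. The tables `employees` and `user_accounts`, their columns, the status value 'TERMINATED' and all object names are assumptions.

```sql
-- Constructed example; hypothetical schema (not from the article):
--   employees(employee_id, status), user_accounts(employee_id, enabled)

-- 1. Java source compiled and stored in the database; runs in the OracleJVM.
CREATE OR REPLACE AND COMPILE JAVA SOURCE NAMED "AccountDisabler" AS
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;

public class AccountDisabler {
    public static void disableAccounts(int employeeId) throws SQLException {
        // Server-side internal driver: reuses the session and transaction that
        // fired the trigger, so no stored credentials or network hop are needed.
        Connection conn = DriverManager.getConnection("jdbc:default:connection:");
        PreparedStatement ps = conn.prepareStatement(
            "UPDATE user_accounts SET enabled = 'N' WHERE employee_id = ?");
        try {
            ps.setInt(1, employeeId);   // bind variable, no string concatenation
            ps.executeUpdate();
        } finally {
            ps.close();                 // close the statement, not the default connection
        }
        // No commit here: the change belongs to the triggering transaction and
        // is committed or rolled back together with the termination itself.
    }
}
/

-- 2. Call specification: publishes the static Java method to SQL and PL/SQL.
CREATE OR REPLACE PROCEDURE disable_accounts (p_employee_id IN NUMBER)
AS LANGUAGE JAVA
NAME 'AccountDisabler.disableAccounts(int)';
/

-- 3. Row trigger: fires only on the transition into the terminated state.
CREATE OR REPLACE TRIGGER trg_employee_terminated
AFTER UPDATE OF status ON employees
FOR EACH ROW
WHEN (NEW.status = 'TERMINATED'
      AND (OLD.status IS NULL OR OLD.status <> 'TERMINATED'))
BEGIN
    disable_accounts(:NEW.employee_id);
END;
/
```

If the Java method raises an exception, the UPDATE on `employees` fails with it, so a termination is never recorded while the accounts stay enabled.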

So, with this tutorial, please try to put it into practice.