Framing Database Audit of ISO/IEC 12207 Software Life Cycle Processes

Abstract

Data has become one of the most valuable assets in corporations as a result of information technology evolution. To run businesses satisfactorily companies must have complete, coherent and updated data sets. In order to increase efficiency and minimize risks it is mandatory to pay very special attention to audit and control activities. Database audit has developed its own approaches and techniques, sometimes in an independent fashion from other activities related to software. However, framework standard ISO/IEC 12207 Software Life Cycle processes, ISO/IEC 12207 (1995) considers audit as a process, defined and characterized in the standard. This chapter describes an approach to database audit that is framed of ISO/IEC 12207. The reason for paying such attention to this standard is its widespread use and popularity, as well as the fact that it has been taken as a reference for the software-related issues in the new collection known as ISO 9000:2000 (not yet fully published). Sections are as follows: Introduction; Audit in The Context of ISO/IEC 12207 that is a presentation of ISO/IEC 12207 and the role of audit in it; then a Short Overview to Audit Methodologies for the Database Field; an explanation of Control Objectives for Database Primary Life Cycle Processes; Control Objectives for Database Organizational Life Cycle Processes: Infrastructure; A Description of Control Techniques; and ends with a description of Some Risks Associated to Databases and a number of Conclusions.