Pasion, Kaye Lianne G.

Relos, Yella Mae P.

Santos, Monica Sophia L.
The Flat File Approach
 Associated with large , older legacy system still in use
 Promotes single-user view approach to data management
where end users own their data rather than share them with
other user.
 Data Files are structured, formatted and arranged to suit
the specific need of the primary user of the data.
 When multiple users need the same data for different
purpose, they must obtain separate data sets structured to
their specific needs.
Problems attributes to Flat File
Environment
 Data Storage – Captures and stores data only once and
make this single source available to all users.
 Data Updating – Organizations store data on master
files and reference files that requires periodic updating
to reflect changes.
 Currency of Information – Information must be
properly disseminated
 Task Data Dependency – Users cannot obtain
additional information as need to change
The Database Approach
Special software system that is programmed to
know which data elements each user is authorized
to access
Access to Data resource is controlled by the DBMS
Centralizes organizations’ data into common
database shared by the users
Through data sharing the traditional problem
associated with the flat file approach may be
overcome:
 Elimination of Data Storage Problem – Each data is stored at
once, therefore eliminating data redundancy and reducing
data collection and storage costs
 Elimination of Currency Problem – Single change to database
is automatically made available to all the users.
 Elimination of Task Data Dependency Problem – Users only
constrained by legitimacy of access needed.
Key Elements of the Data Base
Environment
1. Database Management System – The central
element of the database approach. DBMS provides a controlled environment to assist
access to the database and to efficiently manage the data resource.

Typical Features:
 Programmed Development – Programmers and end users can create application to access
the database
 Backup and Recovery – Periodically makes backup copies of the physical database
 Database usage reporting – Captures statistics on database usage (who,when,what)
 Database Access – Authorized user to access the section of the database
Data Definition Language (DDL) – Programming
language used to define the database to the system. It identifies the name
and the relationship of all data elements, records, and files that constitute
the database.

Database Views
 Internal View/Physical View – Describes structures of data records,
linkage between files and physical arrangement and sequence of
records in a file.
 Conceptual view/Logical View – Describes the entire database logically
and abstractly rather than physically.
 External View – Portion of database each user can view.
2. Data Manipulation Language
(DML) – is the proprietary programming language
that a particular DBMS uses to retrieve, process, and
store data to/from the database.

 Query Language - is an ad hoc access methodology for extracting information

from a database

 SQL (Structured Query Language) – is a fourth generation non procedural

language with many commands that allows users to input, retrieve, and modify the data
easily.
3. The Database Administrator – is
responsible for managing the database resources.

Functions of the Database Administrator

 Database Planning
 Design
 Implementation
 Operation and Maintenance
 Change and Growth
4. The Physical Database - The fourth major
element of the database approach. This is the lowest
and only one in physical form. It consists of magnetic
spots on metallic coated disks. Data structures are
bricks and mortar database.
The Data Dictionary
Another important function of the DBA is the creation and maintenance of the data
dictionary. The data dictionary describes every data element in the database. This
enables all users to share a common view of the data resource. The data dictionary may
be in both paper form and online. Most DBMSs employ special software for managing the
data dictionary.
Organizational Interactions of the
database Administrator
Typical File Processing Operations
1. Retrieve a record from the file based on its primary key value.
2. Insert a record into a file.
3. Update a record in the file.
4. Read a complete file of records.
5. Find the next record in a file.
6. Scan a file for records with common secondary keys.
7. Delete a record from a file.
Data Structures
Data structures are the bricks and mortar of the database.
The data structure allows records to be located, stored, and
retrieved, and enables movement from one record to another.
Data structures have two fundamental components: organization and
access method.

Data Organization
The organization of a file refers to the way records are physically arranged on
the secondary storage device.

Data Access Methods

The access method is the technique used to locate records and to navigate
through the database. The criteria that influence the selection of the data
structure
1. Rapid file access and data retrieval
2. Efficient use of disk storage space
3. High throughput for transaction processing
4. Protection from data loss
5. Ease of recovery from system failure
6. Accommodation of file growth
Data Attribute/Field.
A data attribute is a single item of data, such as
customer’s name, account balance, or address.

Entity.
An entity is a database representation of an
individual resource, event, or agent about which
we choose to collect data.

Entities may be physical or conceptual record

Type. When we group together the data attributes
that logically define an entity, they form a record
type. For example, the data attributes describing
the sales event could form the sales order record
type.
Database.
A database is the set of record types that an organization needs to
support its business processes. Some organizations employ a
distributed database approach and create different databases for
each of its primary functional areas.
Associations
Record types that constitute a database exist in relation to other
record types. This is called an association. Three basic record
associations are: one-to-one, one to-many, and many-to-many.
One-to-one association
This means that for every occurrence in Record
Type X, there is one occurrence in Record Type Y.
One-to-many association
For every occurrence in Record Type X, there are
zero, one, or many occurrences in Record Type Y.
This means that a particular customer may have
purchased goods from the company zero, one or
many times during the period under review.
Many-to-many association
For each occurrence of Record Types X and Y, there are
zero, one, or many occurrences of Record Types Y and
X, respectively. The business relationship between an
organization’s inventory and its suppliers.
The Hierarchical Model
The earliest database management systems were based on the hierarchical data
model. This was a popular method of data representation because it reflected,
more or less faithfully, many aspects of an organization that are hierarchical in
relationship. IBM’s information management system (IMS) is the most prevalent
example of a hierarchical database.
The hierarchical data model is called a navigational database because
traversing the files requires following a redefined path. This is established
through explicit linkages (pointers) between related records.
The Network Model
In the late 1970s, an ANSI committee created the Committee on Development of Applied
Symbolic Languages (CODASYL), which formed a database task group to develop standards for
database design. CODASYL developed the network model for databases. The most popular
example of the network model is IDMS, which Cullinane/Cullinet Software introduced into the
commercial market in the 1980s. Although this model has under gone many changes over the
years, it is still in use today.
The Relational Model
E. F. Codd originally proposed the principles of the relational model in the late 1960s. The formal
model has its foundations in relational algebra and set theory, which provide the theoretical basis
for most of the data manipulation operations used. The most apparent difference between the
relational model and the navigational models is the way in which data associations are represented
to the user.

The relational model portrays data in the form of two-dimensional tables. Figure 4.13 presents an
example of a database table called Customer. Across the top of the table are attributes (data fields)
forming columns. Intersecting the columns to form rows in the table are tuples. A tuple is a
normalized array of data that is similar, but not precisely equivalent, to a record in a flat-file
system. Properly designed tables possess the following four characteristics:
1. All occurrences at the intersection of a row and a column are a single value. No multiple values
are allowed.
2. The attribute values in any column must all be of the same class.
3. Each column in a given table must be uniquely named. However, different tables may contain
columns with the same name.
4. Each row in the table must be unique in at least one attribute. This attribute is the primary key.
 The user view or subschema - a subset of the total database that defines the user’s
datadomain and provides access to the database.
 Biometric devices - the ultimate in user authentication procedures is the use of
biometric devices, which measure various personal characteristics, such as
fingerprints, voice prints, retina prints,or signature characteristics.
 User-Defined Procedures - allows the user to create a personal security program
or routine to provide more positive user identification than a single password.

 Biometric Controls. The auditor should evaluate the costs and benefits of
biometric controls. Generally, these would be most appropriate where highly
sensitive data are accessed by a very limited number of users.
 Inference Controls. The auditor should verify that database query controls exist to
prevent unauthorized access via inference. The auditor can test controls by
simulating access bya sample of users and attempting to retrieve unauthorized
data via inference queries.
 Encryption Controls. The auditor should verify that sensitive data, such as
passwords, are properly encrypted. Printing the file contents to hard copy can do
this.
 • Verify that backup controls in place are effective in
protecting data files from physical damage, loss, accidental
erasure, and data corruption through system failures and
program errors.
 • Sequential File (GPC) Backup. The auditor should select a sample of systems and
determine from the system documentation that the number of GPC backup files
specified for each system is adequate. If insufficient backup versions exist, recovery
from some types of failures may be impossible.
 • Backup Transaction Files. The auditor should verify through physical observation that
transaction files used to reconstruct the master files are also retained. Without
corresponding transaction files, reconstruction is impossible.
 • Direct Access File Backup. The auditor should select a sample of applications and
identify the direct access files being updated in each system. From system
documentation and through observation, the auditor can verify that each of them was
copied to tape or disk before being updated.
 • Off-Site Storage. The auditor should verify the existence and adequacy of off-site
storage. This audit procedure may be performed as part of the review of the disaster
recovery plan or computer center operations controls.
 Backup. The backup feature makes a periodic backup of the entire database. This
is an automatic procedure that should be performed at least once a day. The
backup copy should then be stored in a secure remote area.
 Transaction Log (Journal). The transaction log feature provides an audit trail of
all processed transactions. It lists transactions in a transaction log file and records
the resulting changes to the database in a separate database change log.
 Checkpoint Feature. The checkpoint facility suspends all data processing while
the system reconciles the transaction log and the database change log against the
database. At this point, the system is in a quiet state. Checkpoints occur
automatically several times an hour. If a failure occurs, it is usually possible to
restart the processing from the last checkpoint. Thus, only a few minutes of
transaction processing must be repeated.
 Recovery Module. The recovery module uses the logs and backup files to restart
the system after a failure.
•Verify that controls over the data resource are
sufficient to preserve the integrity and physical
security of the database.
 • The auditor should verify that backup is performed routinely and frequently to
facilitate the recovery of lost, destroyed, or corrupted data without excessive
reprocessing.

 Production databases should be copied at regular intervals (perhaps several times

an hour). Backup policy should strike a balance between the inconvenience of
frequent backup activities and the business disruption caused by excessive
reprocessing that is needed to restore the database after a failure.

 • The auditor should verify that automatic backup procedures are in place and
functioning, and that copies of the database are stored off-site for further security.