ก������������� ���� GFMIS:
������ก�������������
��. ����� �� �
����������� GFMIS
[Figure: GFMIS system overview. Labels: Operating System SAP R/3 (GFMIS); MIS - BW SEM; PO; FM; CO; FI; HR; RP; AP; CM; FA; GL; BIS; DPIS; e-Procurement (e-catalog, e-shopping list, e-Auction); e-Payroll, e-Pension; AFMIS.]
ก������������������!�H
Audit Planning
1. Review of Organization’s Policies, Practices, and Structure
2. Review General controls and Application Controls
3. Plan Tests of Controls and Substantive Testing Procedure
Tests of Controls
4. Perform Test of Controls
5. Evaluate Test Results
6. Determine Degree of Reliance on Controls
Substantive Testing
7. Perform Substantive Tests
8. Evaluate Results and Issue Auditor’s Report
9. Audit Report
* Information Systems Auditing and Assurance by James A. Hall
ก��(��! "�ก����G �FI�
1. �K�B� �ก����G �FI���L!,�F�,�M���N B
(Adequate controls)
2. �K�B�ก����G �FI���L ����� �(���"�R"S#M���N B
(Control effectiveness)
[Figure: Control Matrix. Labels: Errors; Controls.]
�� �� ,��RV��M�B��ก����G �FI�ก���#�ก�������I�ก����������
W��X�������ก����G �FI�!'� �'Y� SK������������Z�ก�������ก����G !,�L��K�B�ก��
��������Z�ก�������ก����G !,�L��K�B�ก����G �(���"�R"S# �[L�W��!(\���"�กY���� ��W#�ก���������!����M�����N��
!��"ก��I��� ,"�!���V�B�FI�ก���������Computer-Assisted Auditing Tools and
Techniques (CAATTs)
��L�"F I��ก����L�N( N���กB
- Test Data ก�������ก����G
- Generalized Audit Software (GAS)
X(��ก� �Z�!�Y��K(�Z�M���ก�����������L�N(
I���Z�M���ก���������!����M�����
� � ��L!ก�LF�'���ก�� IT Audit
• American Institute of Certified Public Accountants, Inc. (AICPA) http://www.aicpa.org
• Institute of Internal Auditors (IIA) http://www.theiia.org
Control framework for ERP Environment
Program Interface/Data Conversion Integrity
Design and implement controls for one-time conversions and ongoing interfaces.
1. Legacy system security
2. Interface
3. Conversion
IS Policies/Procedures Technology Integrity
1. System security
2. Monitoring
3. Change management
4. Scheduling
5. Backup recovery
6. Disaster recovery
Business Process Integrity
1. Business Risk
2. Control objective
3. Control requirements
4. Control techniques
5. Type of control
Application Security
1. Security requirements
2. Security design
3. Security configuration (DEV & PRD)
4. Administration procedures development
Project Management
Change management and project disciplines
[Figure labels: Business Processes; ERP Application; Database; Operating system; Hardware; Firewall; Remote Access-Certification (PKI) Encryption, etc.]
SAP R/3 Audit Layers
[Figure: audit layers. Labels: Single Module; SAP R/3 Basis System; Database systems; Operating System; Network and Communication Systems; Physical and Organizational Situation in the IT Environment; (IT) Organization and Business Departments; IT Audit and IT basic security.]
* Introduction to the SAP R/3 System focusing on audit aspects, by Roger Odenthal
.�'�(��ก��B��BC���2D&%6�;�3���� SAP
a ก����G X�F�"R�(e"���"��� (Manual / procedural controls)f กZ�M���XF��Fก��(e"���"����#���!��F�(e"���"
a ก����G X�F����(e"���"��� (Inherent controls)
a ก����G X�Fก��กZ�M��B�ก���Z����'������ (Configuration controls)
a ก����G ก��!'��W[�'�� K# (Logical access controls)
f ก��กZ�M���"�R"ก��!'��W[�'�� K#f ก��กZ�M��ก����B��FกM�����LI�������� (Segregation of duties)
a ก����G X�Fก��I����F��� (Reporting Controls)f ��F�����Fก��S"�(ก�"
Inherent & Configurable Controls
Inherent Controls
• Duplicate checks through message control
• Sequential documents through number ranges
• Automatic integration and postings
• All transactions through unique documents
• History of transactions executed by users retained including date, time and user
• Logging and history of program changes
Configuration Controls
• Edit Check
• Data Entry Validations
• Document Blocking
• Tolerance Levels
• Authorization Groups
• Payment Blocking
• Document Types
• User defined Error / Warning Messages
• Automatic Posting with predefined posting keys
• Reason Codes
• Predefined Master Data
• SAP Workflow
• Mandatory and/or System populated fields
4&�(�ก��I��9%����� SAP
• Risk-based Audit Approach
  - Gaining an understanding
  - Identifying the significant risks: Business Process Controls; Application Security; Program Interface; Master Data Maintenance
  - Determining key controls: Manual / Procedure Controls; Inherent Controls; Configuration Controls; Logical Access Controls; Reporting Controls
  - Testing those controls to confirm their adequacy
������ก��������� SAP R/3 ��
Business Cycles
�,�� ����RG�ก"�'�� SAP R/3
[Figure: core business cycles. Labels by column:]
Revenue: Creating Customer Relationship; Sales Quotation; Sales Order; Goods Issue; Delivery Note; Invoice; Account Receivable; Collection
Expenditure: Creating Vendor Relationship; Purchase Requisition; Purchase Order; Goods Receipt; Invoice Verification; Accounts Payable; Payment
Production: Material Requirement Planning; Creating Production Order; Producing Inventory; Handling Finished Goods; Raw Materials Management
Reporting
Page 60, figure 4.4 Core Business Cycles
Book: Security, Audit and Control Features SAP R/3, 2nd Edition
Linking Audit Cycles to SAP Modules
[Figure: audit business cycles linked to SAP module functional categories. Labels:]
Audit Business Cycles: Financial Accounting; Treasury; Fixed Assets; Expenditures; Revenues; Inventory management; Payroll and Personnel
SAP Module Functional Category: Financial Applications; Logistics Applications; Human Resources; Basis Component; Cross Applications; Industry Solutions
Page 60, figure 4.3 Linking Audit Cycles to SAP Modules
Book: Security, Audit and Control Features SAP R/3, 2nd Edition
Expenditure Business Cycle
[Figure: expenditure cycle flowchart in four stages: 1. Purchases; 2. Goods Receipt; 3. Invoice Processing; 4. Payment. Labels: Requisition; Purchase Officer Enters Purchase Order; PO Release; PO; Purchase Order; Vendor; Purchaser/Receiving Department; Input Receiving Information; Vendor Invoice; Invoice; AP Clerk Input; UNMATCHED; Reconcile Officer; AP supervisor; EFT Approval; EFT Payment Registered; EFT File; File; Bank Reconciliation.]
SAP Expenditure Business Cycle�� ��W��B�!(\� 4 �B�� ������
1. Master data maintenance
– Vendor master data
– Material master data
– Vendor pricing information
2. Purchasing
– Purchase requisition
– Request for Quotation (RFQ)
– Purchase Order
– Contract / Scheduling agreement
– Release procedure (Release strategy)
– Goods Receipts (GR)
3. Invoice Processing
– Invoice Verification
– Three-way match process; Purchase Order, Goods Receipts and Invoice
4. Processing Disbursements
Risks / Key Controls / Testing Techniques
SAP R/3 Expenditures Business Cycle
Expenditures Cycle:
1. Master data maintenance
2. Purchasing
3. Invoice Processing
4. Processing Disbursements
Risks / Key Controls / Testing Techniques
ก��I��9%����� SAP R/3
Master Data Maintenance
• Master Data Maintenance Risks�� !��LF���L!ก"���กก�������M����ก�N''�� K# Vendor Master
1. (i�M�ก�������M���ก���ก�N''�� K# Vendor Master ��LN BWKก���� ����Z�IM�!ก"��� !��LF� N���กB ก����L������"�����ก Vendor ��LN BN�����
����Z�IM�!ก"��� !��LF� N���กB ก����L������"�����ก Vendor ��LN BN�������G���, ก���B�F!�"�B��"��� �#� discount terms N BWKก����
2. '�� K# Vendor Master N B!(\�(i��G���• '�� K#'�� Vendor �ก��!(#�LF��(#���BF��N BN���ก�N'I�����• I����� � Vendor ��LN B �ก��!#�L��NM��FKB!(\��Z���� �ก
Page 122
Book: Security, Audit and Control Features SAP R/3, 2nd Edition
• �G���G ��L�Z���I�!��L��ก�������M����ก�N''�� K# Vendor Master1. (i�M�ก�������M���ก���ก�N''�� K# Vendor Master ��LN BWKก����
Key Controls O014ก7 :
- IM� �ก�����������F���ก��!(#�LF��(#�'�� K# Vendor Master �FKB!� �
-กZ�M��SK����S"����I�ก�������M����ก�N''�� K#IM�!M ���
-ก��กZ�M��B���G I����� (Configure) ��IM�!M ��� ก��ก#GB '�� Vendor Master ��L �
Master Data Maintenance Key Controls
-ก��กZ�M��B���G I����� (Configure) ��IM�!M ��� ก��ก#GB '�� Vendor Master ��L ��� ��ก�B��ก�����F
2. '�� K# Vendor Master N B!(\�(i��G���
Key Controls O014ก7 :
- IM� �ก��������ก��!(#�LF��(#�'�� K# Vendor Master �#�(���(�G�'�� K#��L�FKBI�����IM�!(\�(i��G����FKB!� �
Page 122 - 123
Book: Security, Audit and Control Features SAP R/3, 2nd Edition
Master Data Maintenance • !��"ก��������� Vendor Master
1. ���������ก��F���ก��!(#�LF��(#�/�ก�N''�� K# Vendor Master(Program RFKABL00)
2. ������� User access authorization I�ก��!(#�LF��(#�/�ก�N''�� K#
Vendor Master �B�!(\�N(�� �XF��F��"j��M���N B
3. �������ก��กZ�M��B���G I����� (Configurable Control settings)
IM� ��� ���#���ก��ก#GB '�� Vendor Master �[L�����ก��ก����G ��L ��� ��ก�B��ก��
4. ��������� ��Z�����'��'�� K# - Extract '�� K# Vendor Master ��ก Table LFA1
5. �������M#�ก���ก����G ��"��กSK� ��Z����I�ก������� Vendor Master I����� (Program RFKKVZ00)
Page 123 - 124
Book: Security, Audit and Control Features SAP R/3, 2nd Edition
Purchasing Risk
�� !��LF�'��ก���������
1. (i�M�ก��I�B'�� K# �#�ก���ก�N''�� K# Purchasing N BWKก���� ����Z�IM�!ก"��� !��LF� N���กB ก��N������"���N BWKก����, N B���!�#� �� W[�
ก�����������LN BN�����ก����G ��"��LWKก���� (Release Strategy)
2. ก������"�����LN B���ก��I���L�����
�Z�����"��� �#�/M��� ��"��"��� N B���ก��I���L�����
3. ก���B����"���IM� Supplier #B���� M���N B!(\�N(�� กZ�M��!�#�
Page 124
Book: Security, Audit and Control Features SAP R/3, 2nd Edition
Purchasing Key Controls
1. (i�M�ก��I�B'�� K# �#�ก���ก�N''�� K# Purchasing
Key Controls N���กB :
- �Z�ก��SK����S"����I�ก�������,�ก�N''�� K# �#�ก��Fก!#"กก���������
- กZ�M�� Source list of Material �� Vendor approval list
- I�� SAP R/3 Release Strategy
2. ก������"�����LN B���ก��I���L�����
Key Controls N���กB :
- �������ก����������F���ก������"�����LS"�(ก�" !�B� ��Fก������"�����LN B �I���L�����
- �Z�ก��SK����S"����I�ก��(k��'�� K#, ก���ก�N' M���ก��Fก!#"ก��Fก������"���
3. ก���B����"���IM� Supplier #B���� M���N B!(\�N(�� กZ�M��!�#�
Key Controls N���กB :
- �������ก�����ก���B����"��� �#���F���ก���B����"�����ก����
Page 125
Book: Security, Audit and Control Features SAP R/3, 2nd Edition
Purchasing Testing Techniques
• !��"ก���������ก���������I�����
1. ������� User access to PR/PO transaction �B�!(\�N(�� �XF��F��"j��M���N B
2. ������� Approval source list of materials and Approval Vendor
Lists
3. �������ก��กZ�M��B���G I����� (Configurable Control settings) I�ก��
กZ�M�� Release Strategy �� W[�ก���������IM�!(\�N(�� �XF��F��"j�����F
4. ก�����������F��L��#�!M�GS#'�� Vendor ��L �ก������B�F!�"�!(\�!�#����
(Program RM06EM00)
5. ���������Fก���"�����L�����B��� Vendor
(Transaction MB51; specify Storage location & movement type)
Page 125 - 127
Book: Security, Audit and Control Features SAP R/3, 2nd Edition
Invoice Processing Risk
• �� !��LF�'��ก������M���B��"���/��"ก��
1. �Z����!�"���L������[ก!(\�!���M��� N B!(\�N(�� �Z�����"���M�����"ก����L��"j��N�����
2. �Z����!�"���L����[กN BWKก���� M�������[กN B����� ���!�#�
3. I�#�M���M�����Fก��(���(�G� ����[กN BWKก���� M�������[กN B�����
���!�#�
Page 127
Book: Security, Audit and Control Features SAP R/3, 2nd Edition
Invoice Processing Key Controls
1. �Z����!�"���L������[ก!(\�!���M��� N B!(\�N(�� �Z�����"���M�����"ก����L��"j��N�����
Key Controls N���กB :
- �Z�ก��SK����S"����I�ก�� input '�� K#, ก���ก�N', ก��Fก!#"ก M���ก����G ��"�B�F!�"� X�FSK��Z�M�����L���ก#B��N B��!(\��!��F�ก��ก��SK���L��กI���L����� (PO) �#�/M���SK���L�Z�M�����L����"��� (GR)
2. �Z����!�"���L����[กN BWKก���� M�������[กN B����� ���!�#�
Key Controls N���กB :
- กZ�M��B���G I����� (Configurable Control settings) > Three-way match process; (Purchase Order, Goods Receipts and Invoice) and posting period control
- กZ�M��B���G I������Z�M���B� Tolerance limits �#������ GR/IR
- ���������F���I���L�������L!ก"�กZ�M��!�#��FB��� LZ�!� �
- �Z�ก��SK����S"����I�ก������[ก Exchange rate
3. I�#�M���M�����Fก��(���(�G� ����[กN BWKก���� M�������[กN B����� ���!�#�
Key Controls N���กB :
- �Z�ก��SK����S"����I�ก�� input '�� K#, ก���ก�N', ก��Fก!#"ก M���ก����G ��"I�#�M���B��"���
Page 125
Book: Security, Audit and Control Features SAP R/3, 2nd Edition
Invoice Processing Testing Techniques
1. ������� User access authorization – Invoice Processing
2. �������ก��กZ�M��B� GR/IR control indicator (globally required)
3. �������ก��กZ�M��B���G I����� (Configurable Control settings) �Z�M���B�
Tolerance limits �#� Message control X�F�� W[�ก���������IM�!(\�N(��
�XF��F��"j�����F
4. ก���������F���!M#��'������� GR/IR (Program RM06EM00)
5. ���������F���I���L�������L!ก"�กZ�M��!�#� (PO Outstanding) – Program
RM06EM00
6. ���������F���ก���ก�N' Exchange rate
Page 127 - 129
Book: Security, Audit and Control Features SAP R/3, 2nd Edition
Processing Disbursement Risks
• �� !��LF�'��ก���B�F!�"�B��"���/��"ก�� N���กB
1. ก����G ��"�B�F!�"�IM�ก��!���M�����LN B ������
2. �Z����!�"���L�B�FN BWKก���� M����B�F!�"�X�FF��N BN������"���
3. ก���B�F!�"�X�FM#�ก!#�LF�ก������[ก!'������
Page 129
Book: Security, Audit and Control Features SAP R/3, 2nd Edition
Processing Disbursement Key controls
• �G���G ��L�Z���!��L�� Invoice Processing
1. �Z�ก��SK����S"����I�ก���Z� Payment run I�����
�� �ก���Z�ก��SK����S"����I�ก���ก�N'ก���Z���Fก���B�F!�"�I����� (Payment
�� �ก���Z�ก��SK����S"����I�ก���ก�N'ก���Z���Fก���B�F!�"�I����� (Payment run parameter) M����Z�ก���Z�������L�� ��W�Z���Fก���B�F!�"�I�����N��
2. �Z�ก��SK����S"����I�ก�� Release blocked invoice
�� �ก��กZ�M��/�Z�ก��SK���L�� ��W(#� lock ก���B�F!�"��Z�M��� invoice ��LWKก
block for payment N�� ����ก��(#� lock !(\���F invoice �#���F
vendor
Page 129
Book: Security, Audit and Control Features SAP R/3, 2nd Edition
Processing Disbursement Testing Techniques
1. ������� User access authorization – Invoice Processing
– Automatic Payments Transactions
– Parameters for Payment
– Payment with printout
2. ������� User access authorization – Release
invoices
– Change document
– Change line items
– Block/unblock vendor
Page 130
Book: Security, Audit and Control Features SAP R/3, 2nd Edition
ก���������ก����B��FกM�����L
ก����B��FกM�����L���� ��W#�X�ก��'��ก��!ก"�'��S"�,#��I�ก��(e"���"���X�F��B��Fกก�����ก���Z����N(F���G#��L�B��ก��I���B#��B��!�#�'��ก�����ก�� X�F(ก�"����B��FกX�F
• Approval (RA)
• Custody (AA)
• Recording / Transaction processing (TP)
• Control (CO)
�Z�M������� ERP �#� �ก����B��FกM�����L�����ก��"�M�[L���
• Access to master data maintenance (MD)
ก��������ก���� ก�������
���ก������ transaction code ���ก������ !
����1��R5%��%&'()'�SN�ก��I��9%���& SAP (AIS)
Audit Information SystemAudit Information System (AIS)(AIS) !(\�����!(\�����'�� K#�����!�H!,�L�ก��������������� '�� K#�����!�H!,�L�ก��������������� SAPSAP �#�!(\�!��L�� ���Z�M���SK����������L��I��I�ก���#�!(\�!��L�� ���Z�M���SK����������L��I��I�ก���"��� �#��������ก����G �FI�'�������"��� �#��������ก����G �FI�'������(Inherent Control & Configuration Control)(Inherent Control & Configuration Control)
AIS:
1. System Audit
- System configuration
- System logs and status displays
- Development / customizing
2. Business Audit
- Organization overview
- Financial statement-oriented audit
- Process-originated audit
ก���������� GFMIS
��������
ก����G ��L�N(
ก����G ��L�N((General Controls)
���F
3. �� M �F�#����WG(����V'��ก����G ��L�N(I����������!�H
ก��B��BC�(3N�O. ;��2=T ก��B��BC�D&%7�&(AN'กAN2��1�ก3�%���4�051����ก��B��BC���2D& &U2��245�8VAก��D&ก��B��BC����%��%&'() ก��B��BC�B���.5�0�32 ก��B��BC�ก���3W&�45.�3�.�C 45ก��.X�ก3&/50B���'%A2;�2����� '.Y&ก��B��BC���2D&%6�;�3��B<ก��;�S�B��
50B���'%A2;�2����� '.Y&ก��B��BC���2D&%6�;�3��B<ก��;�S�B���AD&(Cก Z %7�&�����%��%&'()
'�SN�D;1'ก80B����3N&D9�7����B���8�'I��<U02������B<ก���AB���'%=A2� �Aก��930ก��(AN0A 45'.Y&%7�&;&TN(AN9ก7�D;1'ก80�R�[���
4. ก����G ��L�N(I����������!�H
4.1 ก��ก6�;&0&U2��2D&ก��D@1%��%&'()
4.2 ก��4�742ก;&1�(AN�&D&���%��%&'()
4.3 ก��B��BC�UB�ก���3W&����%��%&'()
4.4 ก��B��BC�ก��'.5AN2&4.54ก1O����
4.5 ก��B��BC�ก��.`8�3I8�&D&)R&2<B���8�'I��<
4.6 ก��B��BC�ก��'�1�=T�C.ก�[<B���8�'I��<
4.7 ก��B��BC�ก��'�1�=T�1��R545(�3�2�ก�%��%&'()
ก����G ��L�N(I����������!�H (�B�)
4.8 ก��B��BC�'�1�=T����&
4.9 ก��B��BC�ก��930'กd��1��R5
4.10 ก��B��BC�ก��%SN�%���1��R5
4.11 ก��ก6�;&0��I�g�&��'�ก%�����%��%&'()
4.12 ก��50B���'%A2;�2(AN��9'ก80�Th&ก3����B���8�'I��<
4.13 ก����4i&กK�������ก�F,"���"
4.1 ก��กZ�M���XF��F�����!�H
��XF��F��L���!���B�I�����ก��!'��W[�'�� K#��N� ! �L�NM�B I��������I�
ก��IM��"�R"I�ก��!'��W[���I��M#�ก mneed to known
4.2 ก����B��FกM�����L���I����������!�Ha ��B��FกM�����L�� ���S"����'��SK�(e"���"����������� ,"�!���VIM����!��
f ����"!���MV���� (System Analysis)
f ���!'�F�X(��ก� (Programming)
f ���(e"���"ก��� ,"�!���V (Computer Operation)
f ���'��SK�I�� (User)
f ������C���กjV���� (System Library)
f �����G '�� K# (Data Control)
4.3 ก����G X��ก��,�p�����������!�H
a �S�� B����F�F��
a �S����,�p������
a กZ�M��ก��(�� �#S#'�� K#
a ก�� ��M �FM�����L�#��� ���S"����
a ก��(��! "�S#�����M�B��ก���Z�!�"�X��ก��
a ก���������FM#��ก���"����������#��Z����� �I�����
a ก�����S#ก���Z�!�"����'������
4.4 ก����G ก��!(#�LF��(#��ก�N'����
• ก��กZ�M����!��F��"R�(e"���"I�ก���ก�N'������L!(\�#�F#�กjCV��กj�
a �ก��H[กj�W[�S#ก�����B�� q
a �ก�������������L�ก�N'�#��กB���Z�N(I��
a ����Z�!�ก���KB ��(��ก��ก���ก�N'
a (��! "�S#�#���������������FM#��!�"L I��
4.5 ก����G ก��!'��W[�'�� K#�#����,F�ก������!�H
• ก��(�� �#S#�������
a ก���Z����'�� K#
a ก�����ก��(i�M�'������
4.6 ก����G !'��W[��G(ก�CV� ,"�!���V
• �W����L "��"�a �ก����กj��� (#���FM����B�a !'����กN��!r,��SK�!ก�LF�'���a กZ�M���XF��F��กj��� (#���F��L���!��
a กZ�M���XF��F��กj��� (#���F��L���!��a �"�����!�����Fก�C� �SK��Gก�Gกa �Z�ก��IM�I��X��H�,�V!r,��!��L����L!ก�LF�ก����� a �"��G(ก�CV(k��ก��!��L��� ,"�!���Va ��G ��,���#�� I�ก���Z����
4.7 ก����G ก��!'��W[�'�� K#�#����,F�ก������!�H
a ���H��'��SK�I�� (User Views or Subschema)
a �����ก����G���"IM�!'��W[����'�� K# (Database Authorization Table)
a ก��!'���M��'�� K# (Data Encryption)
a ก����G ก����G ��'�� K# (Inference Controls)
4.8 ก����G ก��!'��W[��������
a ก����������� !�Y���"� (Authentication)
f �M��SB�� (Password)
f ก�����G��������F�B���L ����ก�F�, (Physical Possession Identification)
f ก�����G��������FB��������, (Biometric Identification)
a ก��กZ�M���"�R" (Authorization)
a ก������[กก"�ก�� �B�� q I�����!,�L�ก��������� (Audit Log)
4.9 ก����G ก�����!กY�'�� K#
a �B����Fก���������
a M���� G��tk '�� K#
• Label (external and internal)
4.10 ก����G ก����L����'�� K#
• Encryption
• Callback system
• Parity bit
4.11 ก��กZ�M�� ������!�ก������������!�H
• ก������Z�!�ก������ก����"M��
a ก������Z�!�ก����������
a ก������Z�!�ก���(��ก��ก��(e"���"ก��
4.12 ก��#��� !��FM�F��L���!ก"�'[��ก������� ,"�!���V
• ก���Z��G���กj�I�!�"�(k��ก�� (Preventive Maintenance)a �G(ก�CVNttk��Z���� (Uninterrupted Power Supply)
a ������L���B��� �ก,�B�� (Fault Tolerant)
4.13 ก������S�กK�������ก�F,"���"
�S����� W[�a Backup files, facilities, and stationery
a ก�����#Z������ �Z���'�������L����กK�กB��
a ก��กZ�M���� ��L���S"����ก��กK�����
a ก��uvก��� ก��กK�����
�� !��LF���กก��'��ก����G ��L�N(��L��
a �,�� '��ก����G �FI�'��(���"�R"�,
a '�� K#M���X(��ก� ���!ก"��� !��FM�F
a '�� K#M���X(��ก� ��� �ก���Z�N(I��X�FN BN�����
a '�� K#M���X(��ก� ��� �ก���Z�N(I��X�FN BN�������G���
a �������MFG�����ก
Questions & Answers