audgfmis new 2 ' 4. [ b + ! ' 2 ! @ i 2 1 d...

ก�� GFMIS:

��ก��

1

��ก��

��. ��

�� GFMIS

Operating System SAP R/3 (GFMIS)

MIS(��%��%&'())MIS - BW SEM

PO��FM CO

FI��ก��!�"��#��ก��!�"��#��

2

BISBIS'�� ('�� (..

DPISDPIS'�� ก,'�� ก,..

ee--Procurement Procurement '��ก� ��ก#��'��ก� ��ก#��(e-catalog,e-shopping list ee--Auction)Auction)

e-Payroll , e-Pension'��ก� ��ก#��

AFMIS'��B��ก��

��FM

��(�� C��(�� C HR

��,F�ก��G#��,F�ก��G#

CO

��G��G�

��ก��!�"��#��ก��!�"��#��.�ก��01�2.�ก��01�2

RPRP ��3�45&6�%7'8&��3�45&6�%7'8&APAP ��'�8ก97�2��'�8ก97�2

CM CM ��8;��'8&%0��8;��'8&%0FAFA ��%8&(�3�2<=��%8&(�3�2<=��GLGL ��3?@A42ก.�'�(��3?@A42ก.�'�(

ก��!�H

1. Review of Organization’s

Policies, Practices, and Structure

2. Review General

4. Perform Test of Controls

7. Perform Substantive Tests

Audit Planning Tests of Controls Substantive Testing

3

2. Review General controls and Application

Controls

3. Plan Tests of Controls and Substantive

Testing Procedure

5. Evaluate Test Results

6. Determine Degree of Reliance

on Controls

8. Evaluate Results and Issue

Auditor’s Report

9.Audit Report

* Information Systems Auditing and Assurance by James A.Hall

ก��(��! "�ก��G �FI�

1. �K�B� �ก��G �FI��L!,�F�,�M��N B

(Adequate controls)

4

2. �K�B�ก��G �FI��L �� (��"�R"S#M��N B

(Control effectiveness)

Control Matrix

Errors

5

Controls

Control MatrixControl Matrix

6

�� ,��RV��M�B��ก��G �FI�ก��#�ก��I�ก��

W��X��ก��G �FI�!'� �'Y� SK��Z�ก��ก��G !,�L��K�B�ก��

7

��Z�ก��ก��G !,�L��K�B�ก��G �(��"�R"S# �[L�W��!(\��"�กY�� W#�ก��!��M��N��

!��"ก��I�� ,"�!��V�B�FI�ก��Computer-Assisted Auditing Tools and

Techniques (CAATTs)

��L�"F I��ก��L�N( N��กB

- Test Data ก��ก��G

8

- Test Data ก��ก��G

- Generalized Audit Software (GAS)

X(��ก� �Z�!�Y��K(�Z�M��ก��L�N(

I��Z�M��ก��!��M��

� � ��L!ก�LF�'��ก�� IT Audit

a � � SK��G��MB��M��! �"ก� American Institute of Certified Public Accountants, Inc. (AICPA) http://www. aicpa.org

9

(AICPA) http://www. aicpa.org

a � � SK��FI� (Institute of Internal Auditors-- IIA) http://www. theiia.org

Control framework for ERP Environment

Program Interface/Data Conversion Integrity

Design and implement controls for one-time conversions and ongoing interfaces.

1. Legacy system security2. Interface3. Conversion

Hardware

Operating system

IS Policies/Procedures Technology Integrity1. System security2. Monitoring3. Change management4. Scheduling5. Backup recovery6. Disaster recovery

Business Process Integrity1. Business Risk2. Control objective3. Control requirements

Business P

rocesses

10

Project ManagementChange management and project disciplines

Remote Access-Certification (PKI) Encryption, etc. F

irew

all Database

ERP Application

3. Control requirements4. Control techniques5. Type of control

Application Security1. Security requirements2. Security design

3. Security configuration (DEV & PRD)

4. Administration procedures development

Business P

rocesses

SAP R/3 Audit Layers

Database systems

(IT) Organization and Business Departments

SAP R/3 Basis System

Single Module

IT Audit and

11

Physical and Organizational Situation in the IT Environment

Network and Communication Systems

Operating System

Database systemsIT basicsecurity

*Introduction to the SAP R/3 System focusing on audit aspects By Roger Odenthal

.�'�(��ก��B��BC��2D&%6�;�3�� SAP

a ก��G X�F�"R�(e"��"�� (Manual / procedural controls)f กZ�M��XF��Fก��(e"��"��#��!��F�(e"��"

a ก��G X�F��(e"��"�� (Inherent controls)

a ก��G X�Fก��กZ�M��B�ก��Z��'�� (Configuration controls)

12

a ก��G X�Fก��กZ�M��B�ก��Z��'�� (Configuration controls)

a ก��G ก��!'��W[�'�� K# (Logical access controls)

f ก��กZ�M��"�R"ก��!'��W[�'�� K#f ก��กZ�M��ก��B��FกM��LI�� (Segregation of duties)

a ก��G X�Fก��I��F�� (Reporting Controls)f ��F��Fก��S"�(ก�"

Inherent ControlsInherent Controls

•• Duplicate checks through Duplicate checks through

message controlmessage control

•• Sequential documents thorugh Sequential documents thorugh number rangesnumber ranges

•• Automatic integration and Automatic integration and

Configuration ControlsConfiguration Controls

•• Edit CheckEdit Check

•• Data Entry ValidationsData Entry Validations•• Document BlockingDocument Blocking•• Tolerance LevelsTolerance Levels•• Authorization GroupsAuthorization Groups

Inherent & Configurable Controls

13

•• Automatic integration and Automatic integration and postingspostings

•• All transactions through unique All transactions through unique documentsdocuments

•• History of transactions History of transactions executed by users retained executed by users retained including date, time and userincluding date, time and user

•• Logging and history of program Logging and history of program changeschanges

•• Payment BlockingPayment Blocking•• Document TypesDocument Types•• User defined Error / Warning User defined Error / Warning

MessagesMessages•• Automatic Posting with Automatic Posting with

predefined posting keyspredefined posting keys•• Reason CodesReason Codes•• Predefined Master DataPredefined Master Data•• SAP WorkflowSAP Workflow•• Mandatory and/or System Mandatory and/or System

populated fieldspopulated fields

aa ��ก�� ก�� SAPSAP �� M#�กก��(��! "�� !��LF� �� M#�กก��(��! "�� !��LF� (Risk(Risk--based Audit based Audit Approach)Approach) (��ก��F(��ก��Fff ก��Z�� !'��I�ก��ก��Z��'��ก��Z�� !'��I�ก��ก��Z��'�� SAP SAP (Gaining an understanding)(Gaining an understanding)

ff ก��(��! "�� !��LF�'�� ก��(��! "�� !��LF�'�� (Identifying the significant risks)(Identifying the significant risks)aa Business Process ControlsBusiness Process Controlsaa Application SecurityApplication Security

4&�(�ก��I��9%�� SAP

14

aa Application SecurityApplication Securityaa Program InterfaceProgram Interfaceaa Master Data MaintenanceMaster Data Maintenance

ff ก��(��! "��ก��G '�� ก��(��! "��ก��G '�� (Determining key controls)(Determining key controls)aa Manual / Procedure ControlsManual / Procedure Controlsaa Inherent ControlsInherent Controlsaa Configuration ControlsConfiguration Controlsaa Logical Access ControlsLogical Access Controlsaa Reporting ControlsReporting Controls

ff ก��ก��G �#�ก��(��! "�� !,�F�,�'��ก��G ก��ก��G �#�ก��(��! "�� !,�F�,�'��ก��G (Testing (Testing those controls to confirm their adequacy)those controls to confirm their adequacy)

��ก�� SAP R/3 ��

15

Business Cycles

�,�� RG�ก"�'�� SAP R/3

Creating Customer Creating Customer RelationshipRelationship

Sales QuotationSales Quotation

Sales OrderSales Order

Goods IssueGoods Issue

Material Material Requirement Requirement

PlanningPlanning

Creating Vendor Creating Vendor RelationshipRelationship

Purchase Purchase RequisitionRequisition

Purchase OrderPurchase Order

Creating Creating Production OrderProduction Order

Producing Producing InventoryInventory

Handling Finished Handling Finished GoodsGoods

Raw Materials Raw Materials ManagementManagement

ProductionProduction

16

Delivery NoteDelivery Note

InvoiceInvoice

Account Account ReceivableReceivable

CollectionCollection

Goods ReceiptGoods Receipt

Invoice Invoice VerificationVerification

Accounts PayableAccounts Payable

PaymentPaymentReportingReporting

RevenueRevenue ExpenditureExpenditure

Page 60, figure 4.4 Core Business Cycles

Book: Security , Audit and Control Features SAP R/3, 2nd Edition

Linking Audit Cycles to SAP Modules

Audit Business Cycles

Financial Accounting

Treasury

Fixed Assets

Financial Applications

Logistics Applications

SAP Module Functional CategorySAP Module Functional Category

17

Expenditures

Revenues

Inventory management

Payroll and Personnel

Basis Component

Cross Applications

Industry Solutions

Logistics Applications

Human Resources

Page 60, figure 4.3 Linking Audit Cycles to SAP Modules


Expenditure Business Cycle

Requisition

Purchase Officer Enters Purchase

Order

Vendor

Purchaser/Receiving Department

Invoice

Vendor Invoice

AP Clerk Input

EFT Payment Registered

EFT ApprovalUNMATCHEDUNMATCHED

18

11. Purchases. Purchases 22. Goods Receipt. Goods Receipt 33. Invoice Processing. Invoice Processing 44. Payment. Payment

PO Release

PO

Purchase Order

Input Receiving Information

Purchaser/Receiving Department

Reconcile Officer

AP supervisor

File

EFT File

Bank Reconciliation

SAP Expenditure Business Cycle�� W��B�!(\� 4 �B��

1. Master data maintenance– Vendor master data– Material master data– Vendor pricing information

2. Purchasing– Purchase requisition

RisksRisksก��"!��MV�� !��LF�'��ก��"!��MV�� !��LF�'��

Key ControlsKey Controlsก��G ��L�Z��ก��G ��L�Z��

19

– Purchase requisition– Request for Quotation (RFQ)– Purchase Order– Contract / Scheduling agreement– Release procedure (Release strategy)– Goods Receipts ( GR)

3. Invoice Processing– Invoice Verification– Three-way match process; Purchase

Order, Goods Receipts and Invoice

4. Processing Disbursements

ก��G ��L�Z��ก��G ��L�Z��

Testing TechniquesTesting Techniques!��"ก��!��"ก��

SAP R/3 Expenditures Business Cycle

1. Master data maintenance

2. Purchasing

3. Invoice

Expenditures Cycle

20

Processing


Risksก��8'B��;<B��'%AN2��&

Key Controlsก��B��BC�(AN%6�B3?

Testing Techniques'(B&8Bก��I��9%��

ก��I��9%�� SAP R/3

Master Data Maintenance

• Master Data Maintenance Risks�� !��LF��L!ก"��กก��M��ก�N''�� K# Vendor Master

1. (i�M�ก��M��ก��ก�N''�� K# Vendor Master ��LN BWKก�� Z�IM�!ก"�� !��LF� N��กB ก��L��"��ก Vendor ��LN BN��

21

��Z�IM�!ก"�� !��LF� N��กB ก��L��"��ก Vendor ��LN BN��G��, ก��B�F!�"�B��"�� #� discount terms N BWKก��

2. '�� K# Vendor Master N B!(\�(i��G��• '�� K#'�� Vendor �ก��!(#�LF��(#��BF��N BN��ก�N'I��• I�� Vendor ��LN B �ก��!#�L��NM��FKB!(\��Z�� ก

Page 122


• �G��G ��L�Z��I�!��L��ก��M��ก�N''�� K# Vendor Master1. (i�M�ก��M��ก��ก�N''�� K# Vendor Master ��LN BWKก��

Key Controls O014ก7 :

- IM� �ก��F��ก��!(#�LF��(#�'�� K# Vendor Master �FKB!� �

-กZ�M��SK��S"��I�ก��M��ก�N''�� K#IM�!M ��

-ก��กZ�M��B��G I�� (Configure) ��IM�!M �� ก��ก#GB '�� Vendor Master ��L �

Master Data Maintenance Key Controls

22

-ก��กZ�M��B��G I�� (Configure) ��IM�!M �� ก��ก#GB '�� Vendor Master ��L �� ก�B��ก��F

2. '�� K# Vendor Master N B!(\�(i��G��

Key Controls O014ก7 :

- IM� �ก��ก��!(#�LF��(#�'�� K# Vendor Master �#�(��(�G�'�� K#��L�FKBI��IM�!(\�(i��G��FKB!� �

Page 122 - 123


Master Data Maintenance • !��"ก�� Vendor Master

1. ��ก��F��ก��!(#�LF��(#�/�ก�N''�� K# Vendor Master(Program RFKABL00)

2. �� User access authorization I�ก��!(#�LF��(#�/�ก�N''�� K#

Vendor Master �B�!(\�N(�� XF��F��"j��M��N B

3. ��ก��กZ�M��B��G I�� (Configurable Control settings)

23

3. ��ก��กZ�M��B��G I�� (Configurable Control settings)

IM� �� #��ก��ก#GB '�� Vendor Master �[L��ก��ก��G ��L �� ก�B��ก��

4. �� Z��'��'�� K# - Extract '�� K# Vendor Master ��ก Table LFA1

5. ��M#�ก��ก��G ��"��กSK� ��Z��I�ก�� Vendor Master I�� (Program RFKKVZ00)

Page 123 - 124




2. Purchasing

3. Invoice

Expenditures Cycle

24

Processing


Risksก��8'B��;<B��'%AN2��&



ก��I��9%�� SAP R/3

Purchasing Risk

�� !��LF�'��ก��

1. (i�M�ก��I�B'�� K# �#�ก��ก�N''�� K# Purchasing N BWKก�� Z�IM�!ก"�� !��LF� N��กB ก��N��"��N BWKก��, N B��!�#� �� W[�

ก��LN BN��ก��G ��"��LWKก�� (Release Strategy)

25

ก��LN BN��ก��G ��"��LWKก�� (Release Strategy)

2. ก��"��LN B��ก��I��L��

�Z��"�� #�/M�� "��"�� N B��ก��I��L��

3. ก��B��"��IM� Supplier #B�� M��N B!(\�N(�� กZ�M��!�#�

Page 124


Purchasing Key Controls1. (i�M�ก��I�B'�� K# �#�ก��ก�N''�� K# PurchasingKey Controls N��กB :

- �Z�ก��SK��S"��I�ก��,�ก�N''�� K# �#�ก��Fก!#"กก��

- กZ�M�� Source list of Material �� Vendor approval list

- I�� SAP R/3 Release Strategy

2. ก��"��LN B��ก��I��L��

26

2. ก��"��LN B��ก��I��L��Key Controls N��กB :

- ��ก��F��ก��"��LS"�(ก�" !�B� ��Fก��"��LN B �I��L��

- �Z�ก��SK��S"��I�ก��(k��'�� K#, ก��ก�N' M��ก��Fก!#"ก��Fก��"��

3. ก��B��"��IM� Supplier #B�� M��N B!(\�N(�� กZ�M��!�#�Key Controls N��กB :

- ��ก��ก��B��"�� #��F��ก��B��"��ก��Page 125


Purchasing Testing Techniques

• !��"ก��ก��I��

1. �� User access to PR/PO transaction �B�!(\�N(�� XF��F��"j��M��N B

2. �� Approval source list of materials and Approval Vendor

Lists

3. ��ก��กZ�M��B��G I�� (Configurable Control settings) I�ก��

27

3. ��ก��กZ�M��B��G I�� (Configurable Control settings) I�ก��

กZ�M�� Release Strategy �� W[�ก��IM�!(\�N(�� XF��F��"j��F

4. ก��F��L��#�!M�GS#'�� Vendor ��L �ก��B�F!�"�!(\�!�#��

(Program RM06EM00)

5. ��Fก��"��L��B�� Vendor

(Transaction MB51; specify Storage location & movement type)

Page 125 - 127




2. Purchasing

3. Invoice

Expenditures Cycle

28

Processing


Risksก��8'B��;<B��'%AN2��&



ก��I��9%�� SAP R/3

Invoice Processing Risk

• �� !��LF�'��ก��M��B��"��/��"ก��

1. �Z��!�"��L��[ก!(\�!��M�� N B!(\�N(�� Z��"��M��"ก��L��"j��N��

2. �Z��!�"��L��[กN BWKก�� M��[กN B�� !�#�

29

2. �Z��!�"��L��[กN BWKก�� M��[กN B�� !�#�

3. I�#�M��M��Fก��(��(�G� ��[กN BWKก�� M��[กN B��

��!�#�Page 127


Invoice Processing Key Controls1. �Z��!�"��L��[ก!(\�!��M�� N B!(\�N(�� Z��"��M��"ก��L��"j��N��

Key Controls N��กB :

- �Z�ก��SK��S"��I�ก�� input '�� K#, ก��ก�N', ก��Fก!#"ก M��ก��G ��"�B�F!�"� X�FSK��Z�M��L��ก#B��N B��!(\��!��F�ก��ก��SK��L��กI��L�� (PO) �#�/M��SK��L�Z�M��L��"�� (GR)

2. �Z��!�"��L��[กN BWKก�� M��[กN B�� !�#�Key Controls N��กB :

- กZ�M��B��G I�� (Configurable Control settings) > Three-way match

30

process; (Purchase Order, Goods Receipts and Invoice) and posting period control

- กZ�M��B��G I��Z�M��B� Tolerance limits �#�� GR/IR

- ��F��I��L��L!ก"�กZ�M��!�#��FB�� LZ�!� �

- �Z�ก��SK��S"��I�ก��[ก Exchange rate

3. I�#�M��M��Fก��(��(�G� ��[กN BWKก�� M��[กN B�� !�#�Key Controls N��กB :

- �Z�ก��SK��S"��I�ก�� input '�� K#, ก��ก�N', ก��Fก!#"ก M��ก��G ��"I�#�M��B��"��

Page 125


Invoice Processing Testing Techniques

1.�� User access authorization – Invoice Processing2. ��ก��กZ�M��B� GR/IR control indicator (globally required)

3. ��ก��กZ�M��B��G I�� (Configurable Control settings) �Z�M��B�

Tolerance limits �#� Message control X�F�� W[�ก��IM�!(\�N(��

�XF��F��"j��F

31

�XF��F��"j��F

4. ก��F��!M#��'�� GR/IR (Program RM06EM00)

5. ��F��I��L��L!ก"�กZ�M��!�#� (PO Outstanding) – Program

RM06EM00

6. ��F��ก��ก�N' Exchange rate

Page 127 - 129




2. Purchasing

3. Invoice

Expenditures Cycle

32

Processing


Risksก��8'B��;<B��'%AN2��&



ก��I��9%�� SAP R/3

Processing Disbursement Risks

• �� !��LF�'��ก��B�F!�"�B��"��/��"ก�� N��กB

1. ก��G ��"�B�F!�"�IM�ก��!��M��LN B ��

2. �Z��!�"��L�B�FN BWKก�� M��B�F!�"�X�FF��N BN��"��

33

2. �Z��!�"��L�B�FN BWKก�� M��B�F!�"�X�FF��N BN��"��

3. ก��B�F!�"�X�FM#�ก!#�LF�ก��[ก!'��

Page 129


Processing Disbursement Key controls

• �G��G ��L�Z��!��L�� Invoice Processing

1. �Z�ก��SK��S"��I�ก��Z� Payment run I��

�� ก��Z�ก��SK��S"��I�ก��ก�N'ก��Z��Fก��B�F!�"�I�� (Payment

34

�� ก��Z�ก��SK��S"��I�ก��ก�N'ก��Z��Fก��B�F!�"�I�� (Payment run parameter) M��Z�ก��Z��L�� W�Z��Fก��B�F!�"�I��N��

2. �Z�ก��SK��S"��I�ก�� Release blocked invoice

�� ก��กZ�M��/�Z�ก��SK��L�� W(#� lock ก��B�F!�"��Z�M�� invoice ��LWKก

block for payment N�� ก��(#� lock !(\��F invoice �#��F

vendorPage 129


Processing Disbursement Testing Techniques

1. �� User access authorization – Invoice Processing

– Automatic Payments Transactions

– Parameters for Payment

– Payment with printout

35

2. �� User access authorization – Release

invoices

– Change document

– Change line items

– Block/unblock vendor

Page 130


ก��ก��B��FกM��L

ก��B��FกM��L�� W#�X�ก��'��ก��!ก"�'��S"�,#��I�ก��(e"��"��X�F��B��Fกก��ก��Z��N(F��G#��L�B��ก��I��B#��B��!�#�'��ก��ก�� X�F(ก�"��B��FกX�F

aApproval (RA)

36

aApproval (RA)

aCustody (AA)

aRecording / Transaction processing (TP)

aControl (CO)

�Z�M�� ERP �#� �ก��B��FกM��L��ก��"�M�[L��

a Access to master data maintenance (MD)

ก��ก�� ก��

37

ก��ก�� ก��

��ก�� transaction code ��ก�� !

38

��1��R5%��%&'()'�SN�ก��I��9%��& SAP (AIS)

Audit Information SystemAudit Information System (AIS)(AIS) !(\��!(\��'�� K#��!�H!,�L�ก�� '�� K#��!�H!,�L�ก�� SAPSAP �#�!(\�!��L�� Z�M��SK��L��I��I�ก��#�!(\�!��L�� Z�M��SK��L��I��I�ก��"�� #��ก��G �FI�'��"�� #��ก��G �FI�'��(Inherent Control & Configuration Control)(Inherent Control & Configuration Control)

AIS AIS (��ก��F (��ก��F

39

AIS AIS (��ก��F (��ก��F 11. . !��L�� ก�� !��L�� ก�� ((System Audit)System Audit)

-- System configurationSystem configuration-- System logs and status displaysSystem logs and status displays-- Development / customizingDevelopment / customizing

22. . !��L�� ก��Fก��RG�ก"� !��L�� ก��Fก��RG�ก"� ((Business Business Audit)Audit)

-- Organization overviewOrganization overview-- Financial statement Financial statement ––oriented auditoriented audit-- ProcessProcess--originated auditoriginated audit

ก�� GFMIS

��

ก��G ��L�N(

44

ก��G ��L�N((General Controls)

��F

3. �� M �F�#��WG(��V'��ก��G ��L�N(I��!�H

ก��B��BC�(3N�O. ;��2=T ก��B��BC�D&%7�&(AN'กAN2��1�ก3�%��4�051��ก��B��BC��2D& &U2��245�8VAก��D&ก��B��BC��%��%&'() ก��B��BC�B��.5�0�32 ก��B��BC�ก��3W&�45.�3�.�C 45ก��.X�ก3&/50B��'%A2;�2�� '.Y&ก��B��BC��2D&%6�;�3��B<ก��;�S�B��

45

50B��'%A2;�2�� '.Y&ก��B��BC��2D&%6�;�3��B<ก��;�S�B��AD&(Cก Z %7�&��%��%&'()

'�SN�D;1'ก80B��3N&D9�7��B��8�'I��<U02��B<ก��AB��'%=A2� �Aก��930ก��(AN0A 45'.Y&%7�&;&TN(AN9ก7�D;1'ก80�R�[��

4. ก��G ��L�N(I��!�H

4.1 ก��ก6�;&0&U2��2D&ก��D@1%��%&'()4.2 ก��4�742ก;&1�(AN�&D&��%��%&'()

4.3 ก��B��BC�UB�ก��3W&��%��%&'()

46

4.3 ก��B��BC�UB�ก��3W&��%��%&'()

4.4 ก��B��BC�ก��'.5AN2&4.54ก1O��

4.5 ก��B��BC�ก��.`8�3I8�&D&)R&2<B��8�'I��<

4.6 ก��B��BC�ก��'�1�=T�C.ก�[<B��8�'I��<

4.7 ก��B��BC�ก��'�1�=T�1��R545(�3�2�ก�%��%&'()

ก��G ��L�N(I��!�H (�B�)

4.8 ก��B��BC�'�1�=T��&4.9 ก��B��BC�ก��930'กd��1��R5

4.10 ก��B��BC�ก��%SN�%��1��R5

47

4.10 ก��B��BC�ก��%SN�%��1��R5

4.11 ก��ก6�;&0��I�g�&��'�ก%��%��%&'()

4.12 ก��50B��'%A2;�2(AN��9'ก80�Th&ก3��B��8�'I��<

4.13 ก��4i&กK��ก�F,"��"

4.1 ก��กZ�M��XF��F��!�H

��XF��F��L��!��B�I��ก��!'��W[�'�� K#��N� ! �L�NM�B I��I�

ก��IM��"�R"I�ก��!'��W[��I��M#�ก mneed to known

48

ก��IM��"�R"I�ก��!'��W[��I��M#�ก mneed to known

4.2 ก��B��FกM��L��I��!�Ha ��B��FกM��L�� S"��'��SK�(e"��"�� ,"�!��VIM��!��

f ��"!��MV�� (System Analysis)

f ��!'�F�X(��ก� (Programming)

f ��(e"��"ก�� ,"�!��V (Computer Operation)

49

f ��(e"��"ก�� ,"�!��V (Computer Operation)

f ��'��SK�I�� (User)

f ��C��กjV�� (System Library)

f ��G '�� K# (Data Control)

4.3 ก��G X��ก��,�p��!�H

a �S�� B��F�F��

a �S��,�p��

a กZ�M��ก��(�� #S#'�� K#

50

a กZ�M��ก��(�� #S#'�� K#

a ก�� M �FM��L�#�� S"��

a ก��(��! "�S#��M�B��ก��Z�!�"�X��ก��

a ก��FM#��ก��"��#��Z�� I��

a ก��S#ก��Z�!�"��'��

4.4 ก��G ก��!(#�LF��(#��ก�N'��

• ก��กZ�M��!��F��"R�(e"��"I�ก��ก�N'��L!(\�#�F#�กjCV��กj�

a �ก��H[กj�W[�S#ก��B�� q

51

a �ก��L�ก�N'�#��กB��Z�N(I��

a ��Z�!�ก��KB ��(��ก��ก��ก�N'

a (��! "�S#�#��FM#��!�"L I��

4.5 ก��G ก��!'��W[�'�� K#�#��,F�ก��!�H

• ก��(�� #S#��

a ก��Z��'�� K#

a ก��ก��(i�M�'��

52

a ก��ก��(i�M�'��

4.6 ก��G !'��W[��G(ก�CV� ,"�!��V

• �W��L "��"�a �ก��กj�� (#��FM��B�a !'��กN��!r,��SK�!ก�LF�'��a กZ�M��XF��F��กj�� (#��F��L��!��

53

a กZ�M��XF��F��กj�� (#��F��L��!��a �"��!��Fก�C� �SK��Gก�Gกa �Z�ก��IM�I��X��H�,�V!r,��!��L��L!ก�LF�ก�� a �"��G(ก�CV(k��ก��!��L�� ,"�!��Va ��G ��,��#�� I�ก��Z��

4.7 ก��G ก��!'��W[�'�� K#�#��,F�ก��!�H

a ��H��'��SK�I�� (User Views or Subschema)

a ��ก��G��"IM�!'��W[��'�� K# (Database Authorization Table)

54

a ก��!'��M��'�� K# (Data Encryption)

a ก��G ก��G ��'�� K# (Inference Controls)

4.8 ก��G ก��!'��W[��

a ก�� !�Y��"� (Authentication)

f �M��SB�� (Password)

f ก��G��F�B��L ��ก�F�, (Physical Possession Identification)

f ก��G��FB��, (Biometric Identification)

55

f ก��G��FB��, (Biometric Identification)

a ก��กZ�M��"�R" (Authorization)

a ก��[กก"�ก�� B�� q I��!,�L�ก�� (Audit Log)

4.9 ก��G ก��!กY�'�� K#

a �B��Fก��

a M�� G��tk '�� K#

56

• Label (external and internal )

4.10 ก��G ก��L��'�� K#

• Encryption• Callback system• Parity bit

57

4.11 ก��กZ�M�� !�ก��!�H

• ก��Z�!�ก��ก��"M��

a ก��Z�!�ก��

a ก��Z�!�ก��(��ก��ก��(e"��"ก��

58

a ก��Z�!�ก��(��ก��ก��(e"��"ก��

4.12 ก��#�� !��FM�F��L��!ก"�'[��ก�� ,"�!��V

• ก��Z��G��กj�I�!�"�(k��ก�� (Preventive Maintenance)a �G(ก�CVNttk��Z�� (Uninterrupted Power Supply)

a ��L��B�� ก,�B�� (Fault Tolerant)

59

a ��L��B�� ก,�B�� (Fault Tolerant)

4.13 ก��S�กK��ก�F,"��"

�S�� W[�a Backup files, facilities, and stationery

a ก��#Z�� Z��'��L��กK�กB��

60

a ก��#Z�� Z��'��L��กK�กB��

a ก��กZ�M�� L��S"��ก��กK��

a ก��uvก�� ก��กK��

�� !��LF��กก��'��ก��G ��L�N(��L��

a �,�� '��ก��G �FI�'��(��"�R"�,

a '�� K#M��X(��ก� ��!ก"�� !��FM�F

a '�� K#M��X(��ก� �� ก��Z�N(I��X�FN BN��

61

a '�� K#M��X(��ก� �� ก��Z�N(I��X�FN BN��G��

a ��MFG��ก

Questions

&

Answers

62

Answers

audgfmis new 2 ' 4. [ b + ! ' 2 ! @ i 2 1 d...

Documents