Data processing: Integrating the subsystems
Integrating the subsystems
When a number of subsystems have been designed and implemented in this way, the point will be reached when their integration becomes desirable. This involves making arrangements so that subsystems share common computer files, and data is entered into the system only once.
If subsystems are not integrated, then data may have to be entered more than once and stored in more than one file.
For example, data on goods received may be entered on the stock file as part of the stock control subsystem, then entered a second time on the supplier file as part of the paying subsystem. This is obviously not a desirable way to run a computer system, though with small-scale microcomputer systems it is sometimes unavoidable.
This phase of the systems project involves:
• Establishing organization-wide coding systems to replace the variety of coding systems that may have developed over the years in the various departments. For example, part numbers in the catalogues produced by the sales department may not match those used in the stores depart ment- this sort of inconsistency must be eliminated.
• Designing procedures so that each subsystem can access data held in the files of another.
Security can be the biggest headache in a large computer system, and the systems analyst must build into his design a
number of security procedures. The purpose of these is to protect the files from loss (through fire or other accidents), or theft of data, or unauthorized tampering.
A fire could destroy not just the computer hardware (which is insured and can be fairly easily replaced), but the organization's programs and data files, which may be irreplaceable. Theft may result'in competitors getting hold of secret information. Unauthorized tampering with the pro grams could result in the company being defrauded of large sums of money. The procedures to guard against these are as follows.
1 Loss through fire or accident. The analyst must set up procedures for keeping backup copies of programs and data files on disk or tape to protect against loss. These are called security copies. They must be stored in safe locations away from the originals.
Copies of data files will normally be made at the end of each day. In the event of an accident the current files can be re-created by keying in the day's data again on to the previous day's security copies. The security copy of today's files is called the father, and the live files which remain in the system and which are updated by the system during the next day are called the son. At the close of the next day a further security copy is made, which becomes the father, the previous father now becoming the grandfather. At the end of the following day the grandfather copy is erased and the tape or disk on which it was stored is used to create that day's father, the previous day's father now becoming the grandfather. This son-father-grandfather cycle continues indefinitely. (The reason for two backups - father and grandfather - is to guard against the possibility of that both the original and the first backup will be damaged while they are in the same location for the backing-up process, and to guard against corruption in the original being transferred to the backup.)
2 Theft. Attempts may be made to physically steal the disks or tapes containing the organization's data files. This risk is guarded against by restricting access to the computer room and library and by strictly controlling the movements of disks and tapes between the library and the computer room. More often, theft involves unauthorized personnel copying data by gaining access to the system via a remote terminal. This risk can be guarded against by a number of procedures, including the use of passwords, by restricting access to sensitive files, and by a system that allows only certain terminals with certain electronic 'signatures' to access confidential data. As a number of court cases testify, these pro cedures do not always work very well, mainly through human carelessness in, for example, the choice of passwords.
3 Tampering. Attempts to defraud companies by tampering with their programs and data files have increased with the increasing use of computers. Owing to the relative lack of human controls in a computer system, this type of risk can be difficult to guard against. The security procedures described above for theft are also relevant for protecting against tampering.
As a check against fraudulent practices, companies
are required by law to have their accounts audited. In manual systems the auditors follow an audit trail, which means they trace transactions through the system. In a computerized system, however, there may be few documents that can be checked. Furthermore, in such systems any data which is no longer useful may be deleted, which further increases the auditors' problems. The systems analyst may therefore be required to incorporate pro grams in the system which produce at the end of each day special print-outs of the day's transactions. These form the audit trails that auditors can use to check through transactions.
Comments
Post a Comment