Literary Warrant for Functional Requirement #4c

This requirement derives from the law, customs, standards and professional best practices accepted by society and codified in the literature of different professions concerned with records and recordkeeping. The warrant is as follows:
Citation The Institute of Internal Auditors Research Foundation; Systems Auditability and Control, Module 5, Managing Info. & Developing Systems, 1991
Pages 5-47
Extract Database Back-up and Recovery Procedures - The database and its data must be backed up on a regular basis, and the back-ups must be secured. DBMSs may include a variety of specialized recovery procedures, such as rollback, rollforward, and partial dynamic restart. Rollback is the ability to remove all changes made past a certain point. Rollforward is the ability to apply a large group of changes at once, after problem correction.

Citation The Institute of Internal Auditors Research Foundation; Systems Auditability and Control, Module 4, Managing Computer Resources, 1991
Pages 4-52
Extract MANAGEMENT REVIEW Data center management should use system incident reports to assess the causes of operational inefficiency and poor user service and to allocate appropriate resources to prevent such failures in the future. The following three factors are typically used to measure system incidents:
* Rerun time, which measures total rerun time and reasons for reruns
* System failures and unscheduled downtime, which also provide reasons for the breakdown
* Status of reported problems, which might include the number of unsolved problems, reported problems, resolved problems, etc.

Citation American Institute of Certified Public Accountants; Management Advisory Services Practice Aids: Technical Consulting Practice Aid 11; "Conversion to a Microcomputer-Based Accounting System," 1989
Pages 13
Extract The computer operators can maintain logs showing which files were backed up, the operator's name, and the date and time of the backup. (The backup medium itself should indicate the files it contains, the accounting date through which the processing has been completed, and the date of the backup.) If possible, the log entry indicates or summarizes the day's work performed, in case the backup or restoration is unsuccessful and reentry of the data is necessary. An important and often overlooked element of an effective backup procedure is recovery. When errors are detected--such as lost data or corrupt files--the backup copy will be useless if no one knows how to restore the data to the system. Therefore, users need to know how to read the logs to determine which backup media to use, how to read the media labels to be sure of selecting the correct backups, and how to carry out the procedures correctly to restore the data.

Citation Ian B. Gilhooley, Information Systems Management, Control and Audit (Altamonte Springs, Fla.: The Institute of Internal Auditors, 1991)
Pages 209
Extract TYPES OF EXPOSURE For each of the causes of exposure and resultant types of exposure, there should be application and system controls in place to prevent, detect and/or recover from the occurrence of any type of problem.

Citation Ian B. Gilhooley, Information Systems Management, Control and Audit (Altamonte Springs, Fla.: The Institute of Internal Auditors, 1991)
Pages 272
Extract Error report: Each input item with one or more erroneous fields should be shown on this report. Exception report: This report lists entries that do not pass complete editing rules in the application system. The processing controls should produce certain output reports which can be used by the data control group and/or by the users to verify that the processing has taken place correctly.

Citation Ian B. Gilhooley, Information Systems Management, Control and Audit (Altamonte Springs, Fla.: The Institute of Internal Auditors, 1991)
Pages 287
Extract It is the vendor's software in the form of the operating system and associated subsystems that must ensure that records are properly written to the data base and that any errors are trapped and reported back to the application system. The application system must then have routines which can deal with these erroneous conditions.

Citation "SQL Environments," Federal Information Processing Standards Publication 193 (U.S. Department of Commerce/Technology Administration and National Institute of Standards and Technology, 3 February 1995)
Pages 14
Extract Other requirements for the Direct Invocation binding style are as follows: if a statement raises an exception condition, then the SQL/ERI Server shall display a message indicating that the statement failed, giving a textual description of the failure; if a statement raises a completion condition that is a "warning" or "no data", then the SQL/ERI Server shall display a message indicating that the statement completed, giving a textual description of the "warning" or "no data"; an SQL/ERI Server that supports null values shall provide some implementation-defined symbol for displaying null values and, for character string values, this symbol must be distinguishable from a value of all <space>s.

Citation Saltman, R. Good security practices for electronic commerce, including electronic data interchange.
Pages 21
Extract The following are basic objectives for the security of EDI transaction sets: ... 2) Sequence integrity. Detection of missing, duplicated, or out-of-sequence transaction sets is assured.