Re: cobol code assessment


apple.time@xxxxxxxxx wrote:
> Robert, thanks for your input! I really do appreciate your advise!
> Can you please expound on what audit trails I should look for? We have
> a great 'change management' system that logs every change in the
> system. Other than that, are there other audit trails to look at?
> THANKS!

Audit trails can be of a variety of types and I don't claim to know
them all or which are best, however, I shall have a go at a brief
simplistic overview.

Online programs should ideally log all changes to files and database
tables, especially those with financial implications, this doesn't
necessarily mean one record per change per file, but might take the
form of a pseudo transaction file from which the relevant changes can
be identified and conceivably reapplied or backed out in the event of
system errors or crashes. Such changes should include the identity of
the terminal and user making them, plus the timestamp. CICS provides
journalling systems with which I am not familiar, but you may consider
looking at or for them if applicable.

Batch systems should ideally retain the transaction files, again so
they can also be reapplied or backed out. Batch systems should also
contain backup master files (or database backups) which can be related
to the relevant transaction files. I am now really getting into the
realm of JCL validation, which isn't quite what you were asking, but it
is a part of the operational system. If the transaction files are
generated online by manual input, then again terminal and user
identities plus timestamps/dates are highly desirable, if they come
from external sources, e.g. BACS tapes then their source should be
identifiable.

Databases do tend to have some form of change log, but you would have
to investigate how it is used, whether it is turned on, who can
authorise it being turned off, how it is backed up and retained, and
how easy it is to extract the desired information.

Your company presumably has external auditors who would be able to tell
you what they would expect to see and may be able to offer advice.

Robert

.

Relevant Pages

  • Re: My customer lost entire day of work
    ... >non-boot filesystems are HTFS. ... When the computer came back up I ran fsck on both the ... these transaction files would be used to update the main ... database at the end of day closing closing. ...
    (comp.unix.sco.misc)
  • restore from full backup and transaction files
    ... I was wondering if there is a script outhere already written, ... the name of a full backup and a list of transaction files to build up a ... database to the last transaction file? ...
    (microsoft.public.sqlserver.security)