www.sharexxx.net - free books & magazines
www.sharexxx.net - free books & magazines
www.sharexxx.net - free books & magazines
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
58 Erwin and Singh<br />
LEGACY<br />
Turban et al. (1999) define legacy systems as older, usually mature, information<br />
systems. Some have been around for up to 30 or 40 years. Some are less than<br />
ten years old. They are often mainframe or distributed systems in which PCs act as<br />
smart terminals. Legacy systems may include LANs and even some relatively recent<br />
client/server implementations.<br />
Moore’s Law (1965) suggests that the processing power of computers<br />
doubles every 18 months. Moore has also applied this law to the Web and Ecommerce,<br />
immediately introducing the concept of legacy in such systems.<br />
The rapid advances in hardware and the expansion of the WWW have now<br />
added a new dimension to legacy applications. An entire CBIS may join the ranks<br />
of a legacy application within one to one-and-a half years of its development. This<br />
poses a special problem for computer auditing. Somehow, an internal auditor has<br />
to ‘<strong>free</strong>ze’ the state of the technology at the time that the business processes were<br />
in operation, retaining knowledge of how the particular activities were dealt with by<br />
technologies that were useful at some time in the past but are no longer applicable.<br />
The business organization may need to preserve both the data and the processing<br />
methods for post-facto inspection by an internal auditor.<br />
POSSIBLE PROBLEMS<br />
Many organizations in South Africa now offer many services on the Inter<strong>net</strong>,<br />
such as credit-card purchasing, electronic bill-payment services and digital cash.<br />
The emergence of digital cash has transformed the ‘accounting/auditing equation’<br />
and introduced many new aspects of security and integrity. Computer security<br />
involves the maintenance of three characteristics: confidentiality, integrity and<br />
availability.<br />
Table 4: Adapted from Pfleeger, 1997<br />
Security Goal Description<br />
Confidentiality Means that the assets of a computing system are accessible only by<br />
authorized parties. This type of access is read-type access: reading, viewing,<br />
printing or even just knowing about the existence of an object.<br />
Integrity Means that assets can be modified only by authorized parties or only in<br />
authorized ways. In this context, modification includes writing, changing,<br />
changing status, deleting and creating.<br />
Availability Means that assets are accessible to authorized parties. An authorized party<br />
should not be prevented from accessing objects to which they have legitimate<br />
access.<br />
Copyright © 2003, Idea Group Inc. Copying or distributing in print or electronic forms without written<br />
permission of Idea Group Inc. is prohibited.