This paper demonstrates an approach to address the unique control and security concerns in database environments by using audit modules embedded into application programs. Embedded audit modules (EAM) are sections of code built into application programs that capture information of audit significance on a continuous basis. The implementation of EAMs is presented using INGRESS a relational database management system. An interface which enables the auditor to access audit-related information stored in the database is also presented. The use of EAMs as an audit tool for compliance and substantive testing is discussed. Advantages and disadvantages of employing EAMs in database environments and future directions in this line of research are discussed.

ADVANCES in computer technology over the past several years have made computer-based accounting systems increasingly complex. With the virtual elimination of the traditional audit trail in computerized systems [Weber, 1982), internal control and system security are critical concerns. With recent improvements in computer technology and reductions in hardware costs, database management systems [DBMS] have become commonly used for business data processing. While there are unique control and security concerns relative to DBMS applications [Fernandez et al., 1981, p. 151), there is some evidence that auditors do not sufficiently adjust their audit procedures in the environment of DBMS [Roberts, 1980]. A variety of computer audit techniques have been discussed in the literature [Cash et al., 1977]. Though auditors have developed generalized audit software [GAS] to obtain audit evidence in advanced computer systems, such software packages are generally incompatible with the complex file structures of database systems [Cash et al., 1977, p. 824; Fernandez et al., 1981, p. 164]. Access to client database systems using GAS is most often done through intermediate sequential files extracted from the database. Embedded audit modules [EAM] are an example of concurrent auditing techniques [CAT] which continuously monitor transaction processing. Weber [1982, p. 475] highlights the increased need for CATs in the environment of database systems due to the integration of sub-systems and the sharing of data. Further, EAMs are perceived by auditors to be very efficient methods of auditing advanced computer-based systems [Tobison & Davis, 1981; Garsombke & Tabor, 1986]. The purpose of this paper is to describe an approach to the continuous auditing of database-driven accounting applications using EAMs. The objectives of this paper are to discuss (1) a selected number of unique control and security issues related to DBMS-driven accounting systems, (2) the use of a relational DBMS to construct and implement EAMs in a sales application, and (3) the utilization of EAMs as an audit tool. The significance of this paper lies in the demonstration of how audit modules embedded in a DBMS-driven application can address the unique control and security aspects of database environments. In addition, we demonstrate how the DBMS might enable the auditor to access audit-related information collected by the EAMs. In this manner, the illustration presented in this paper would assist auditors contemplating the use of EAMs in DBMS environments.