Conclusion
The approach described above, using EAMs in database environments, is important in that it demonstrates the feasibility of addressing the idiosyncratic control and security concerns relative to DBMS-driven applications. In addition, the approach illustrates how audits of such applications can be performed in an efficient manner. A superior approach would be to use the DDL to specify permits and integrity constraints, if information on violations could be captured as they occur. Future developments in database definition and manipulation languages may incorporate such features, which would obviate the need to embed audit modules in application programs. Further research should investigate whether auditors are more attuned now to the special control and security problems present in database environments. The cost-benefit aspect of using EAMs should also be addressed. Specifically, the impact on system performance of incorporating audit modules should be investigated. There are suggestions in the literature that auditors should be more involved in the design of accounting systems [e.g., Grabski, 1986]. As indicated in the previous section, we suggest that auditors should propose the implementation of EAMs in application programs to capture and store information of audit significance on a continuous basis. Further research could investigate whether the utilization of more efficient concurrent auditing techniques (i.e., EAMs) leads to decreased audit risk in the environment of complex database accounting systems.
