Traditional batch processing has the advantage that data can be checked for validity, accuracy and completeness before it is processed. But for organizations that need information on a strict time scale, this type of processing is unacceptable. This has led to the development of on-line and real-time systems, and their number is growing, particularly in airline offices, banks, building societies and other financial institutions. The auditor's duties do not change, but his techniques have to change. The key feature of these systems is that they are based on the use of remote terminals, each of which is just a VDU and keyboard typewriter. These terminals are scattered within the user department and have access to the central computer store. The problem for the auditor arises from the fact that master files held in the central computer store may be read and updated from a remote terminal without an adequate audit trail or, in some cases, any record remaining. Precautions must therefore be taken to ensure that these terminals are used in a controlled way by authorised personnel only. The security techniques include:
i. hardware constraints, e.g. necessitating the use of a key or a magnetic-strip badge or card to engage the terminal, or placing the terminal in a location to which access is carefully restricted and which is constantly monitored by closed-circuit television surveillance systems;
ii. the allocation of identification numbers to authorised terminal operators, with or without the use of passwords; these are checked by the mainframe computer against stored records of authorised numbers and passwords;
iii. using operator characteristics such as voice prints, hand geometry (finger length ratios) and thumb prints as a means of identification by the mainframe computer;
iv. restricting access to particular programs or master files in the mainframe computer to designated terminals; this arrangement may be combined with those indicated above;
v. in top-security systems, the authority to allocate authorities such as those indicated above (i.e. determination of passwords, nominating selected terminals) will itself be restricted to senior personnel, other than the intended users;
vi. a special file may be maintained in the central processor which records every occasion on which access is made by particular terminals and operators to central programs and files; this log will be printed out at regular intervals, e.g. at the end of each day, or on request by personnel with appropriate authority.
What differentiates an on-line system from a real-time system is that the on-line system has a buffer store where input data is held by the central processor before the master files are accessed. This enables the input from the remote terminals to be checked by a special scanning program before processing commences. With real-time systems, however, action at the terminal causes an immediate response in the central processor to which the terminal is on-line. Security against unauthorised access and input is even more important in real-time systems because the input instantaneously updates the file held in the central processor, and any edit checks on the input are likely to be under the control of the terminal operators themselves. In view of these control problems, most real-time systems incorporate additional controls over the scrutiny of the master file, for example logging the contents of the file "before look" and "after look".
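The following sketch is an added example, not part of the original text. It combines controls ii, iv and vi from the list above with the before-look and after-look logging of a real-time update. All operator numbers, passwords, terminal names, file names and function names are constructed for illustration.

```python
import hashlib, hmac
from datetime import datetime, timezone

SALT = b"constructed-salt"  # constructed; one fixed salt keeps the sample short

def _digest(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

# Constructed sample records held by the "central processor".
OPERATORS = {"1001": _digest("s3cret-A"), "1002": _digest("s3cret-B")}  # control ii
FILE_TERMINALS = {"ACCOUNTS": {"T01"}, "FARES": {"T01", "T02"}}         # control iv
MASTER = {"ACCOUNTS": {"A-17": 250}, "FARES": {"LHR-LOS": 400}}
ACCESS_LOG = []                                                          # control vi

def update(terminal, operator, password, file, key, value):
    """Apply one terminal update; every attempt is logged, allowed or not."""
    stored = OPERATORS.get(operator)
    if stored is None or not hmac.compare_digest(stored, _digest(password)):
        outcome = "DENIED: operator not authenticated"
    elif terminal not in FILE_TERMINALS.get(file, set()):
        outcome = "DENIED: terminal not designated for file"
    else:
        outcome = "UPDATED"
    entry = {"time": datetime.now(timezone.utc).isoformat(), "terminal": terminal,
             "operator": operator, "file": file, "key": key, "outcome": outcome}
    if outcome == "UPDATED":
        entry["before_look"] = MASTER[file].get(key)  # image before the update
        MASTER[file][key] = value
        entry["after_look"] = MASTER[file][key]       # image after the update
    ACCESS_LOG.append(entry)
    return outcome == "UPDATED"

def daily_printout(log=ACCESS_LOG):
    """Render the log as the periodic print-out an auditor would review."""
    return [f'{e["time"]} {e["terminal"]} op={e["operator"]} {e["file"]}/{e["key"]} '
            f'{e["outcome"]} before={e.get("before_look")} after={e.get("after_look")}'
            for e in log]

if __name__ == "__main__":
    update("T01", "1001", "s3cret-A", "ACCOUNTS", "A-17", 300)  # allowed
    update("T02", "1002", "s3cret-B", "ACCOUNTS", "A-17", 0)    # wrong terminal
    update("T01", "1001", "wrong", "FARES", "LHR-LOS", 1)       # wrong password
    print("\n".join(daily_printout()))
```

Denied attempts appear in the print-out alongside successful updates, so the auditor sees both who changed a master record and who tried to.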