Horse to water
[Diagram showing Sarbanes-Oxley data flows for finance systems]
Talk about how important it is, with the concept of Sarbanes-Oxley: where does the data come from and where does it go? Need to consider especially the potential impact on information systems.
Talk about governance groups here.
Essentially these are the different types of governance groups/arrangements we can have (the slide is called “governance arrangements matrix” in Weill and Ross).
[Data quality is a business decision – alignment with needs of the business is necessary]
– less emphasis at the beginning of the strategy, but have monthly and quarterly reviews (as is recommended for all strategies that cannot sit on the shelf).
Describe how this process works.
The Maturity Model
0 - Nonexistent
1 - Initial/Ad Hoc
2 - Repeatable but Intuitive
3 - Defined Process
4 - Managed and Measurable
5 - Optimised
Data quality management can only work when the organisation is ready for it. A great leap forward won’t work for data management. Activities and performance indicators must be tailored for your readiness.
DS11.1 Business Requirements for Data Management: Verify that all data expected for processing are received and processed completely, accurately and in a timely manner, and all output is delivered in accordance with business requirements. Support restart and reprocessing needs.
DS11.2 Storage and Retention Arrangements: Define and implement procedures for effective and efficient data storage, retention and archiving to meet business objectives, the organisation’s security policy and regulatory requirements.
DS11.3 Media Library Management System: Define and implement procedures to maintain an inventory of stored and archived media to ensure their usability and integrity.
DS11.4 Disposal: Define and implement procedures to ensure that business requirements for protection of sensitive data and software are met when data and hardware are disposed or transferred.
DS11.5 Backup and Restoration: Define and implement procedures for backup and restoration of systems, applications, data and documentation in line with business requirements and the continuity plan.
DS11.6 Security Requirements for Data Management: Define and implement policies and procedures to identify and apply security requirements applicable to the receipt, processing, storage and output of data to meet business objectives, the organisation’s security policy and regulatory requirements.
Data entry controls: Data entry requirements are clearly stated, enforced and supported by automated techniques at all levels, including database and file interfaces
Data ownership: The responsibilities for data ownership and integrity requirements are clearly stated and accepted throughout the organisation
Training in standards: Data accuracy and standards are clearly communicated and incorporated into the training and personnel development processes
Data correction: Data entry standards and correction are enforced at the point of entry
Output standards: Data input, processing and output integrity standards are formalised and enforced
Data quarantine: Data are held in suspense until corrected
Integrity Monitoring: Effective detection methods are used to enforce data accuracy and integrity standards
Reliable and meaningful data interfaces: Effective translation of data across platforms is implemented without loss of integrity or reliability to meet changing business demands
Minimal keying: There is a decreased reliance on manual data input and re-keying processes
Data access tools: Efficient and flexible solutions promote effective use of data
Archive management: Data are archived and protected and are readily available when needed for recovery
Data dictionary: [blah]
Information inventory: [blah]
Data management strategies
Presented by: Micheal Axelsen, Director, Applied Insight Pty Ltd
The international accounting standards are strangely silent on specific issues relating to data management.
ISA315 has the most to say about computing:
The auditor shall obtain an understanding of the information system, including the related business processes, relevant to financial reporting, including the following areas:
The classes of transactions in the entity’s operations that are significant to the financial statements;
The procedures, within both information technology (IT) and manual systems, by which those transactions are initiated, recorded, processed, corrected as necessary, transferred to the general ledger and reported in the financial statements;
The related accounting records, supporting information and specific accounts in the financial statements that are used to initiate, record, process and report transactions; this includes the correction of incorrect information and how information is transferred to the general ledger. The records may be in either manual or electronic form;
How the information system captures events and conditions, other than transactions, that are significant to the financial statements;
The financial reporting process used to prepare the entity’s financial statements, including significant accounting estimates and disclosures; and
Controls surrounding journal entries, including non-standard journal entries used to record non-recurring, unusual transactions or adjustments.
Tales from the data vault
Images from Flickr users markscott, www.flickr.com/justplainhope, stargazer95050, krysten_n and Phil Strahl. Some Rights Reserved.
Maturity through growth
COBIT Maturity Model
Level - Description
0 - Non-existent
1 - Ad hoc
2 - Repeatable but intuitive
3 - Defined process
4 - Managed and measurable
5 - Optimised
Objectives of data quality
COBIT: DS11 Manage Data
Process - Description
DS11.1 Business Requirements for Data Management
DS11.2 Storage and Retention Arrangements
DS11.3 Media Library Management System
DS11.4 Disposal
DS11.5 Backup and Restoration
DS11.6 Security Requirements for Data Management