
Protiviti Presentation at Chief Data Officer Financial Services, West

Pragmatic Data Governance
Focusing on deriving value from your Data Governance investments


  1. 1. Internal Audit, Risk, Business & Technology Consulting PRAGMATIC DATA GOVERNANCE Focusing on deriving value from your Data Governance investments April 1017
  2. 2. © 2017 Protiviti Inc. An Equal Opportunity Employer M/F/Disability/Veterans. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services. All registered trademarks are the property of their respective owners. PRAGMATIC DATA GOVERNANCE - TOPICS Problem Statement: Many firms struggle with how to ensure their Enterprise Data Governance efforts quickly deliver business value in their organizations, and also how to ensure sustainment of these organizations post the initial launch and investment. We’ll discuss a few key points, mainly: • Current State of Data Governance within Financial Services • What is Pragmatic Data Governance, and how does it differ from how some firms have attempted to launch their programs? • What frameworks / models for Enterprise Data Governance are other organizations leveraging? • Examples of Governance in Action, and defending the costs.
  3. 3. WHO WE ARE *Inclusive of Protiviti's Member Firm network, revenue for the year ending 2016 was $865M **Inclusive of Protiviti’s Member Firm network, the number of professionals is more than 4600 Protiviti and our independently owned Member Firms provide consulting solutions in finance, technology, operations, data, analytics, governance, risk and internal audit to our clients through our network of more than 70 offices in over 20 countries. • 11% compounded revenue growth rate since 2013 • 17.36% compounded operating income growth rate since 2015 • Serve 60 percent of Fortune 1000® and 35 percent of Fortune Global 500® companies • Wholly owned subsidiary of Robert Half (NYSE: RHI). Over 20 countries in the Americas, Europe, the Middle East and Asia-Pacific 70+ offices Our revenue*: $804 million in 2016 More than 3600 professionals**
  4. 4. BIG PICTURE – MARKET DRIVERS A strong link has developed across Regulations and Regulators (Fed and OCC), BCBS 239 (Risk Data Aggregation), and EDM Council’s DCAM and Data Benchmark Industry Report. Linking Data with Critical Regulatory Mandates Risk and Regulatory Data Governance / Management SR 15-18 / 19; Heightened Standards • Controls should ensure sound MIS to support capital planning processes; Comprehensive reconciliation and data integrity process for key reports; accurate and complete capital planning process results; Timely and accurate information is provided to senior management. • Strong IT Infrastructure is the foundation for strong Capital Management processes during stressed periods for ad hoc and board-of-director reporting. • Aggregation systems should bring together data and information across business lines, portfolios and risk types including data systems and sources, data reconciliation/quality checks and internal controls points to ensure accurate reporting. BCBS 239 Implementations • Regulators may assess risk data aggregation and reporting as part of other supervisory reviews (CCAR). • There is no ‘one size fits all’ approach and banks are required to understand the objectives under the principles. • Some banks have developed senior-level positions to manage data processes; most banks created a new internal audit role or independent validation unit. • Infrastructure projects to improve data aggregation have execution risk, but this is not acceptable as a reason for non-compliance.
• There is a significant interdependency between the principles; regulators identify that it’s necessary to have good data aggregation practices in order to be in compliance with risk reporting. 2015 Data Management Industry Benchmark Report • The survey identifies Data Management Programs in existence less than 3 years and notes that BCBS 239 is driving these programs. • Harmonization of data across the enterprise is a core component of BCBS 239 to manage the interconnectedness of firms’ risk. • Regulatory pressure is pushing governance forward, but not to the degree that is required for compliance with BCBS 239. • Firms are expediting their data management infrastructure to meet the principles of BCBS 239. • The DCAM is strongly suited to assessing key components of BCBS and Risk Reporting (CCAR).
  5. 5. FSI REGULATORY DRIVERS FOR DATA GOVERNANCE • 14M/Q are predominantly data sourcing and aggregation exercises to complete the templates. • 14A model development needs current + historical data in order to develop effective models. • Regulators demand strong data governance, data quality and internal controls around data processes. • Regulators demand strong data infrastructure to include business glossary, data dictionary, lineage, issues management. • Data quality (edit checks) requires demonstrated improvement by the bank. • Data must be reconciled to FR Y-9C and other financial reports. CCAR Stress Testing • Significant concern across most banking institutions. • Key business processes require high quality customer data for customer risk scoring and transaction monitoring. • Consistently defined customer data is required to drive customer due diligence, enhanced due diligence, customer risk scoring and transaction monitoring processes. • Data quality and integrity problems lead to increased operational costs due to false positives; subsequently, the lack of quality data increases the risk of not identifying AML activities, which could lead to significant fines and regulatory action. • Data governance standards across customer data must improve for effective transaction monitoring. AML • Common set of principles across all risk types (Credit, Market, Operational, Fiduciary, Interest-Rate, Liquidity, etc.). • Regulatory driven requirements to improve risk data. • Applicable to G-SIBs by January 2016; recommended to be rolled out across D-SIBs subsequently (tentatively 2017-2018).
• Principles are driving significant improvements in data governance and infrastructure as foundation for improving risk data aggregation and reporting. • Basic principles align closely with data governance best practices. Risk Data Aggregation (BCBS 239)
  6. 6. BCBS 239 / RDA DEMANDS AREN’T GOING AWAY “One of the most significant lessons learned from the global financial crisis that began in 2007 was the banks’ information technology (IT) and data architectures that were inadequate to support the broad management of financial risks.” - Introduction sentence to the BCBS Principles for Effective Risk Data Aggregation; Based off the March 2017 Progress report only 1 bank had fully complied by the deadline. GSIBs were expected to comply with BCBS 239 Principles by January of 2016 Major gaps were identified in Principle 2, Data Architecture and IT Infrastructure, with 15 of 30 Banks rated materially non-compliant.
  7. 7. WHY ARE ORGANIZATIONS STRUGGLING? DAMA-DMBOK Reference & Master Data Management Data Governance • Roles & Organizations • Data Strategy • Policies & Standards • Architecture • Compliance • Issue Management • Projects & Services • Data Asset Valuation • Communication Metadata Management • Users & Needs • Architecture & Standards • Capture & Integration • Repository Admin • Query & Reporting • Distribution & Delivery Data Architecture, Analysis & Design • Enterprise Data Modeling • Value Chain Analysis • Related Data Architecture • Logical Modeling • Physical Modeling • Modeling Standards • Model Mgmt. Database Management • DB Design • DB Implementation • Backup & Recovery • Performance & Tuning • Archival & Purging • Technology Mgmt Data Security Management • Data Privacy Standards • Confidentiality Classification • Password Practices • User, Group & View Admin • User Authentication • Data Security Audit Data Quality Management • Quality Reqmt.
Specification • Quality Profiling & Analysis • Data Quality Improvement • Quality Certification & Audit • Data Integration Architecture • Reference Data Management • Customer Data Integration • Product Data Integration • Dimension Management Data Warehousing & Business Intelligence Management • DW / BI Architecture • DW / Mart Implementation • BI Implementation • BI Training & Support • Monitoring & Tuning Document, Record & Content Management • Electronic Document Mgmt • Physical Record & File Mgmt • Information Content Mgmt External Data Mgmt • Mgmt of syndicated data • Mgmt of Partner Data • Acquisition / coordination of external data Mobile Platforms Data • Policies for use • Device / Platforms • Data limitations “Big Data” • Collection / sourcing controls • Data quality requirements • Infrastructure maintenance • Query tools Data Demand Management • Requests for Reporting / Info • Requests for new sources of data • Coordination and control of master report library Social Media • Policies for use / control • Usage and review • Competitive analysis Regulatory Coordination • Auditable reporting sources • External reporting coordination • Ownership = DAMA-DMBOK Functional Model BLUE = Additional Considerations Because it’s a HUGE Domain to cover! There is a reason this problem hasn’t been solved over the years and it’s not from lack of effort.
  8. 8. PRAGMATIC STEPS FOR DATA GOVERNANCE
  9. 9. WHAT IS PRAGMATIC DATA GOVERNANCE Data Governance programs must combine Functional Expertise, Industry knowledge, and Technology together in a well organized and coordinated fashion we call our PHASE approach (Planned, Holistic, Actionable, Simple, Efficient). • Planned: We must understand the full areas within scope for the governance, and carefully outline the immediate actionable needs of the organization. • Holistic: We must build out carefully and only bite off what we can accomplish, but we must do this always keeping in mind the needs for the complete organization and not building in silos. • Actionable: Data Governance activities must directly drive bottom line value, and have actionable work steps, deliverables, and programs as opposed to just being overarching methodologies that can never be realized. • Simple: Data Governance must only be applied where needed, and not ‘Governance for Governance sake’. We must keep it simple and action oriented or risk losing the fundamental benefits and risk failure. • Efficient: The underlying processes put in place must not hamper our overall ability to conduct day to day business, and must be designed with efficiency in mind. For every action, there is an equal and opposite reaction. We must carefully plan our rollouts to limit business disruption, while still driving change.
  10. 10. CURRENT STATE EVALUATION Understanding the current data environment, maturity level (or lack of maturity) across the data landscape and key components is a key first step. The level of maturity may drive a different outcome than previously understood. GOVERNANCE DATA & IT RISK REPORTING Data Strategy Reporting Tools Regulatory Reporting Report Distribution Risk Profiling Reconciliations IT Infrastructure Enterprise Data Requirements ETL and Data Lifecycle Data Architecture Metadata Management Data Quality & Integrity Program / Project Governance Data Stewardship Policies / Standards Organizational Alignment
  11. 11. OUTLINING REPEATABLE DATA STRATEGIES • Strategic Goals / Business Objectives • Improve Data Quality / Reusability • Meet Regulatory Requirements • Automation of Data / Reporting • Reduce Compliance Costs • High Quality Data Analytics Strategic Goals / Business Objectives Current State Issues: Target State of Data Strategy: • Fragmented / redundant view of data exists • Inconsistent reconciliation of Regulatory data • Lack of effective Metadata management • Traceability and lineage challenges • Few data standards, definitions or policies implemented • Lack of clear roles and responsibilities • Minimal reactive / proactive data quality improvement • Minimal reuse of common data • Function / application view of data • Historical data quality challenges • Integrated view and use of data across initiatives / enterprise • Consistent and rigorous enforcement of policies and methods • Standardized metadata • Consistent use of data dictionary • Well defined data governance structure and team integrated across the organization • Robust data quality monitoring and improvement processes • Reusable data services – Data as a service • Enterprise data is verifiable ‘under governance’ • Historical data remediation / strategy in place
  12. 12. LEADING DATA PRACTICES – GOVERNANCE Governance function to oversee the risk reporting process and ensure proper execution. • Clearly defined and implemented management functions throughout risk reporting process. • Committees dedicated to employee engagement and training. Leadership and Employee Engagement • Defining the process, roles, and responsibilities. Policies and Procedures • Provides a stringent governance, control framework, and strategic business support Risk Oversight Group
  13. 13. LEADING DATA PRACTICES – DATA MANAGEMENT IT and data infrastructures to aggregate risk data and enable efficient and accurate reporting. • Reporting inputs consolidated into a single-sourced common Data Warehouse with one process for effective risk reporting. Enterprise Risk Report Repository • Dynamic dashboards that will enable the Board to view key metrics and exceptions. Dynamic Dashboards • Ongoing metrics to measure and monitor data within data sources. • Reduced offline manual data files. Timeliness • Reliability of data across the organization from the Data Warehouse. Data Quality
  14. 14. EXAMPLES IN ACTION – WHERE HAVE WE SEEN SUCCESS?
  15. 15. The DCAM Model Scoring Methodology is based on three criteria: (1) Engagement of functional / process components; (2) Formality of documented, repeatable and coordinated efforts; and (3) Evidence of capabilities as sanctioned and operational. EDM COUNCIL DCAM MODEL – 8 CORE COMPONENTS Through our existing professional relationship with the EDM Council*, Protiviti leverages tools such as the EDM Council Data Management Capability Assessment Model. EDM Council has created this framework through industry collaboration, rationalization of core data management principles, and alignment with control environment measurement standards (such as BCBS 239 Principles for Risk Data Aggregation). * EDM COUNCIL – Protiviti is a member and professional partner of the EDM Council Organization. Defines the long term goal of the data management program. The blueprint to gain internal alignment among stakeholders and to define how the organization will approach the management of data content DATA MANAGEMENT STRATEGY The “design of information content” including the identification of data domains, establishment of taxonomies, alignment with contractual obligations, documentation of metadata and designation of CDEs DATA ARCHITECTURE The justification for the data management program. The mechanism for ensuring sufficient and sustainable capital. The approach for measuring the costs and benefits of EDM BUSINESS CASE & FUNDING MODEL The “design of physical architecture” including the platforms and tools in support of data management implementation.
This is the domain of IT and defines how data is acquired, stored, integrated and distributed TECHNOLOGY ARCHITECTURE The mechanism for EDM implementation. Stakeholder engagement. Communications program and education on the concepts of data CONTENT management. Engagement model and operational routines DATA MANAGEMENT PROGRAM Deliver to business users data that is fit-for-purpose. The goal is data that users trust and have confidence in to be exactly what they expect it to be without the need for reconciliation and data transformation DATA QUALITY The rules of engagement for implementation of the data management program. The focus is on implementation of policies, standards and operational procedures necessary to ensure that stakeholders “behave” DATA GOVERNANCE Coordination of the components into a cohesive operational model; ensure that controls are in place for consistency across the lifecycle; align with organizational privacy and security policies DATA CONTROL ENVIRONMENT HONEST ASSESSMENT OF YOUR CURRENT STATE
  16. 16. CLEARLY ARTICULATED, SIMPLE FRAMEWORKS Data Governance is not a one size fits all prescription, but our methodology, framework and approach to effective Data Governance helps organizations solve for many components of current and future regulatory scrutiny. Establishing the right Data Governance program early will help solve for multiple areas of compliance. EXAMPLE: PROTIVITI DATA GOVERNANCE MODEL Leveraging known frameworks and our internal models, we develop a practical solution for solving and evaluating your data governance program across all facets of the organization. These inputs are used to help create a specialized, best of breed model that specifically supports your organization and your distinct Data Governance needs and may be used to articulate necessary controls and the future roadmap through training and communications.
  17. 17. CLEAR LINES OF COMMUNICATION AND OWNERSHIP As noted in scoping, many times a Data Governance organization may have some core responsibilities, but to build an effective organization you must also be able to leverage and partner with other existing functions. This requires careful planning, agreement from all parties, and constant communication in order to properly function. The example below represents an Interaction model built out for one of our clients. TMO New initiatives & projects Data Issue Management & Resolution Quarterly Updates, Proposed Initiatives Oversight, Direction, Funding Resource Allocation, Goals, Decisions Partners / Affiliates Executive Team / Steering Committee IT Governance Shared Services Governance Regulatory Governance Risk Management Data Governance Core Team Data Demand / Knowledge Management Data Policy / Process Improvement Data Quality Monitoring Data Issue Prioritization Data Correction / Change Management IT / Data Alignment Data Documentation (Metadata) Project Reporting & Tracking IT Enterprise Architecture Delivery Assurance Data Owners Data Stewards Technology Stewards LOB Representatives Working Groups Priorities, Coordination, Support, Direction, Interaction, Tools & Training SME Input, Fit for Purpose Requirements, SLA’s, Status PDLC Integration Production Support Metadata Coordinate Governance Activities Review and Coordinate Policies Project Status and Feedback LOB’s Shared Services MIT Data Quality Metrics, Policies, Procedures, Tools & Training SME Input, Feedback, Status MA Projects Program Management DG Representation DG Project Deliverables
  18. 18. ACTIONABLE, ACCOUNTABLE ROLES Overall Business Alignment and Representation • Business Function Representation – the Business Data Steward is the champion within a particular business area / function who covers an area such as ‘New Accounts’ or ‘Customer Service’. • In this capacity, the Business Data Steward is responsible to understand all Data Governance established policies, standards and procedures and ensure they are being communicated and utilized into their business area by all associates. • Establish a clear line of regular communication to the enterprise Data Governance function to alert and escalate any potential issues. • Work to identify the most important key business terms (definitions), as well as provide input in business requirements that affect data quality standards and overall usage. Data Life-Cycle Management • Help to establish priorities within business functions and continuously review requirements as part of new work requests or established work streams. • Define the data, manage metadata and communicate new business data definitions and approved data usage standards to enterprise Data Governance. • Take ownership and responsibility of metrics and monitoring overall compliance of data conforming to the established measures. • Make recommendations on how data quality can be improved and protected as a result of any root cause analysis following any conflict resolution that has been escalated. • Understand and assess any enterprise impacts to data change by participating in stewardship committees organized around new data and project initiatives.
Data Quality and Risks • Establish acceptable levels of data quality that can be measured. • Understand all uses and context of the data and be included in any actions or decisions for any new planned use of the data throughout the enterprise. • Define improvement opportunities as a result of reviewing data quality metrics and analysis of root causes for any data falling below acceptable levels. • Support new business cases for improvement projects to establish stronger data quality.
  19. 19. ENGAGEMENT IN ALL MAJOR BUSINESS INITIATIVES Project Preparation • Identifying business objectives – focus on the short and long term goals related to data quality and understand if the data and information provided in the immediate project could also be leveraged further in the organization for additional value. • Understand full scope of the project as it relates to data (e.g., capturing the data, transformation and movement of the data). As part of the scoping, the levels of quality should be identified as well as existing or new sources of data. • Assess the data risks by performing initial tasks such as profiling the source data information to determine if it’s viable for supporting the business requirements and meeting all of the business expectations. Plan • Define standards that should be applied to data (e.g., conforming email addresses) and ensure the correct definitions and descriptions are established with the business team. • Analyze any source data to find anomalies or potential problems with the data that should be escalated to the project team. • Coordinate with data architecture teams to ensure platforms and data models meet requirements. Implement • Participate in test case scenarios creation to ensure any discovered data anomalies will be appropriately tested after implementation. • Tune initially created business rules and standards for data for any potential updates or changes to expectations. Rollout and Go Live • Participate in the execution of the user acceptance testing. • Review system conversion / production cutover plan and results of initial or cleansed data loads.
• Participate in problem resolution support team and post mortem reviews of lessons learned and exception logs. Maintain • Participate in data audits and other monitoring processes to ensure initial expectations related to data standards and quality continue to be met. • Understand data issues and requirements for enhancement phases to the project to promote stronger data quality practices. Enterprise Data Governance must have a SEAT AT THE TABLE for all portions of Major Business Decisions and projects.
  20. 20. FINAL THOUGHTS
  21. 21. LEADING PRACTICES / CONSIDERATIONS Data Governance issues are not going away, so hire now, hire well, and empower your employees; many of the best Data Governance resources you have are those that are already in the business and that you can train. Build once, but utilize many times across AML, CCAR, DFAST, and BCBS239 / RDA and Data Governance activities for Data Quality, Metadata, Data Lineage, and Data Infrastructure. It’s the Business’s data, so force them to take ownership and be involved in defining Data Quality and Data Remediation activities. Data Governance is a process, not a project, so build your program in a sustainable way by embedding it into all activities across your organization. Ensure your end users, e.g. the business, are getting tools that solve their real problems – availability to key data, quality of that data, and increasing their knowledge of those data sets. Manual Processes may be quicker to implement, but they are not long term sustainable and will face eventual push back from the business. Enterprise Data Governance efforts must take into account all key data and data sources – both internal and external – and should be managed. Data Lineage and Traceability are more than measuring the hops of data – effective controls should also be looking at the context for data use and the overall accuracy of the information. Communication of issues and implementation timeline must be clear across all levels of management, and must be specifically tailored to your audience. Overall complexity of the data and tools environments must be addressed for longer term sustainability of the programs.
  22. 22. Q & A
  23. 23. THE RESULT APPROACH THE CHALLENGE Phase 1: Initial Assessment / Plan 24+ Data Entities 165+ Business Processes Regulatory Enterprise Data Standards Business Data Ownership Uncertainty Unknown Enterprise Usage and Definition of Key Data. Definition and classification of key Data Entities and sub-entities. Documented the relationship and usage of applications and data within Business Processes. Phase 2: Requirements Determination Phase 3: Program Rollout 1. Clear definition of policies, processes, roles and responsibilities. 2. Implemented processes and supporting tools to store business and data relationships and maintain it through periodic certifications and enterprise-wide publication of information. Phase 4: Program Expansion Phase 5: Go-forward Strategy Clear policy, strategy, and approach for identifying, documenting, and validating key data. Our approach allowed us to evaluate the goals of the program and address the challenges specific to the client by building a framework that matches their enterprise data infrastructure environment and business structure. We helped our client by establishing clear messaging and objectives supported by executive leadership and further enhanced the tactical steps for execution by the Data Governance department. Our combined efforts through the process implementation phases allowed us to see the results of the framework design, policies, identification and documentation all come together into an evergreen process to maintain key data “blueprints” and ownership information for the enterprise.
By utilizing this approach and beginning with the basics of data identification and definition, we were able to develop a 3 year Data Governance strategy with the client to continue to grow the Data Governance areas of coverage into additional value-add goals such as data quality improvement, data issue centralization, metadata and technical data lineage. CASE STUDY – DATA GOVERNANCE PROGRAM ONLINE BROKER-DEALER AND BANK
  24. 24. THE RESULT APPROACH THE CHALLENGE Phase 1: Initial Assessment / Plan 12+ Observations Short Time to Perform Audit on CCAR Schedule due to Regulatory Commitments Minimum Experience with Integration of Data and Assets Large Number of Disparate Systems. Key findings and weakness identified across CCAR reporting and infrastructure Documented baseline lineage to identify mitigating controls that are occurring at system level. Phase 2: Current State Assessment Phase 3: Controls Testing 1. Clearly defined areas of improvement related to CCAR reporting and infrastructure. 2. Documented evaluation of controls, risk control matrix, and identified observations, findings, and weaknesses. Phase 4: Gap Analysis Phase 5: Documented Key Findings Improved audit methodology and core capabilities of their internal audit organization. Our approach allowed us to evaluate the CCAR data and infrastructure to meet the timeline of the regulatory commitments. We helped our client by analyzing audit methodology and process areas to establish gaps, weaknesses, recommended improvements, and updated methodology. We established relationships with auditees and performed stakeholder interviews to create end-to-end process mapping and documentation. By utilizing this approach and beginning with the basics of documenting metadata and technical level data lineage, we were able to further identify mitigating controls that occurred at system level. CASE STUDY – CCAR DATA & LINEAGE REVIEW SUPER-REGIONAL BANK