Building a Strategy customers and Auditors Love

2. 2 Agenda • Who we are • Compliance Being Compliant AND being Audit Resilient The Data Control Model; Control Elements 4 Steps to a Governance Framework • Building the Governance Framework in Information Value Management Confidential and Proprietary. Copyright© 2018. DATUM LLC

4. 4 Compliance evolves with capabilities Confidential and Proprietary. Copyright© 2018. DATUM LLC Compliance is the goal, but over time what you want is Audit Resilience Easy, Stress Free, Repeatable, Transparent, Extensible Compliance is about defining the Data Control Model that reduces risk, and creates “Audit Resilience”

5. Data Control Model 5 Confidential and Proprietary. Copyright© 2018. DATUM LLC Control System Defined: Control Environment • Sets the tone for the organization Risk Assessment • Identification and analysis of relevant risks to the achievement of objectives Information and Communication • Systems or processes that support the identification, capture, and exchange of information Control Activities • Policies and procedures that help ensure management directives are carried out Monitoring-processes • Assess the quality of internal control performance over time. The configuration of the Governance Framework to align impacted data with compliance requirements An Operating Model that ensures accountability and minimizes risk For DATUM a Data Control Model sits within the Control System, and is always: https://www.aicpa.org/

6. Data Control Model 6 Confidential and Proprietary. Copyright© 2018. DATUM LLC Control Elements: Data is labelled with sufficient metadata to support risk analysis and alignment to larger Control System Elements • Data Catalog / Dictionary have been configured with appropriate metadata labelling to support risk processes Control activities are completely defined • All data in scope is controlled via Rule(s) that are supported by Standards • All Composers have Owners, and Rules have execution Owners (Roles) The controls are exposed and communicated • Reports are configured in Information Value Management Monitoring process exists • Data Quality feature is activated and are monitoring Control Rules 1. Configure Governance Framework 2. Configure Operating Model 3. Identify Control Points 4. Ensure that the Control Points have all control elements implemented Steps to setting up Control Model:

7. 7 Four Steps to a Governance Framework Confidential and Proprietary. Copyright© 2017. DATUM LLC What are Value Driver Goals ? What Objectives Support Goals? How do I Recognize Success? Start with Business Value!

9. 9 2. Build the Catalog Confidential and Proprietary. Copyright© 2017. DATUM LLC 2 Catalog Data: Foundational to Managing Data 3 Describe Data: Tag to align with value drivers Identify Data: What are my sources?1 What is the data that matters? If data is not cataloged, it is not governed!

10. 10 Value emerges… Confidential and Proprietary. Copyright© 2017. DATUM LLC Data Asset: Transaction File dd/mm/yy Purchase $ Purchase Date Purchase SKU Customer Metric Tags Purchase Activity PI Collected Channel = Web Product Category All business processes where customers present must have 95% completion of Customer Metrics StrategyData • Data’s role in supporting business strategies is established • Provides the basis for data’s value as an “Asset”

11. 11 3. Define Processes Confidential and Proprietary. Copyright© 2017. DATUM LLC Where Is the data; how Is It Used? • E-commerce sites • Marketing functions • Shipping fulfillment • CRM Start with known Business Functions Focus on Core Requirements • What data is where? • What are value drivers? • Who gets the value? • What are standards, controls & metrics

12. 12 Processes complete alignment of data, people & processes Confidential and Proprietary. Copyright© 2017. DATUM LLC • Identifies business function & Owner • Ensures business alignment to “value” • Addresses order & efficiency objectives StrategyPeople

13. 13 4. Add Standards & Rules to address control objectives Confidential and Proprietary. Copyright© 2017. DATUM LLC • Standards provide enterprise wide guidance on the implementation of policy • Rules implement Standards at the data level StrategyGovernance

14. 14 The “Managed” Data Ecosystem Confidential and Proprietary. Copyright© 2017. DATUM LLC Data Aligned • The data required to meet objectives Strategy Driven Business Focused • Measurable Objectives Action Oriented • What people do Managed • The observable, measurable “controls” and metrics; evidence of business impact

15. 15 Example: GDPR Obligation Management Confidential and Proprietary. Copyright© 2017. DATUM LLC GDPR Compliance Goals Remediation Management Objectives GDPR Obligation Management Processes GDPR Remediation Standard GDPR Risk Management Communication Standards Standards GDPR Task Management GDPR PI Owner Identification GDPR Remediation Log Detail GDPR Communication Template Rules Metrics GDPR Article 12 GDPR Article 18 GDPR Article 19 GDPR Article 16 POLICY

16. 16 Multiple Frameworks may exist Confidential and Proprietary. Copyright© 2018. DATUM LLC GDPR Case Study For GDPR, a Framework exists for each of the Capability Areas specified in the Best Practices Model Each Framework answers a key question required for Audit Resilience

17. Benefits of a Governance Framework 17 Confidential and Proprietary. Copyright© 2017. DATUM LLC Clear Line of Site between Compliance & Controls Business Aligned Accountability Easy to Communicate Easy to Defend Audit Defensibility The degree to which the organization is ready to address the demands of an auditor: • Observable • Measureable • Repeatable • Robust • Transparent • Defensible

18. 18 Information Value Management® 01| Discover where GDPR personal information data lives, who uses it and how it is used. 02| Connect that information to data governance processes. 03| Enable collaboration with all stakeholders across the organization. Confidential and Proprietary. Copyright© 2018. DATUM LLC

Building a Strategy customers and Auditors Love

jadams6

Building a Strategy customers and Auditors Love