An Overview of Data Management



Similar documents
A CPA s Approach to Business Solution Implementations

Service Organization Controls. Managing Risks by Obtaining a Service Auditor s Report

Service Organization Controls. Managing Risks by Obtaining a Service Auditor s Report

University of Hawai i Executive Policy on Data Governance (Draft 2/1/12)

EXPLORING THE CAVERN OF DATA GOVERNANCE

Data Governance Policy. Version October 2015

Implementing an Information Governance Program CIGP Installment 2: Building Your IG Roadmap by Rick Wilson, Sherpa Software

Rowan University Data Governance Policy

5 FAM 630 DATA MANAGEMENT POLICY

University of Michigan Medical School Data Governance Council Charter

Institutional Data Governance Policy

Data Governance 8 Steps to Success

GOVERNANCE DEFINED. Governance is the practice of making enterprise-wide decisions regarding an organization s informational assets and artifacts

Institutional Data Governance Policy

The following is intended to outline our general product direction. It is intended for informational purposes only, and may not be incorporated into

US Department of Education Federal Student Aid Integration Leadership Support Contractor January 25, 2007

Design of Data Management Guideline for Open Data Implementation

Data Governance: From theory to practice. Zeeman van der Merwe Manager: Information Integrity and Analysis, ACC

The Business in Business Intelligence. Bryan Eargle Database Development and Administration IT Services Division

MICHIGAN AUDIT REPORT OFFICE OF THE AUDITOR GENERAL THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL

US Department of Education Federal Student Aid Integration Leadership Support Contractor June 1, 2007

Enterprise Risk Management & Information Technology

A Single Source of Truth: Why You Need Effective Data Governance

OE PROJECT CHARTER TEMPLATE

IPL Service Definition - Master Data Management for Cloud Related Services

From Information Management to Information Governance: The New Paradigm

Data Governance Overview

7Seven Things You Need to Know About Long-Term Document Storage and Compliance

Global Headquarters: 5 Speen Street Framingham, MA USA P F

Scope The data management framework must support industry best practice processes and provide as a minimum the following functional capability:

Data Governance. David Loshin Knowledge Integrity, inc. (301)

Creating a Corporate Integrated Data Environment through Stewardship

Data Governance With a Focus on Information Quality

Logical Modeling for an Enterprise MDM Initiative

IPL Service Definition - Master Data Management Service

The DGI Data Governance Framework

ADMINISTRATIVE DATA MANAGEMENT AND ACCESS POLICY

Information Management Advice 39 Developing an Information Asset Register

UNITED STATES DEPARTMENT OF THE INTERIOR BUREAU OF LAND MANAGEMENT MANUAL TRANSMITTAL SHEET Data Administration and Management (Public)

Data Governance Policy. Staff Only Students Only Staff and Students. Vice-Chancellor

The Next Frontier. for Records Managers. Retention and Disposition of Structured Data:

Understanding and managing data: The benefits of data governance and stewardship

Data Governance Good Practices and the role of Chief Information Officer

HOW TO USE THE DGI DATA GOVERNANCE FRAMEWORK TO CONFIGURE YOUR PROGRAM

Information Governance for Healthcare Executives. Lesley Kadlec, MA, RHIA Lydia Mays Washington, MS, RHIA, CPHIMS

IT Governance. What is it and how to audit it. 21 April 2009

Expanding Data Governance Into EIM Governance The Data Governance Institute page 1

Master Data Management

Part A OVERVIEW Introduction Applicability Legal Provision...2. Part B SOUND DATA MANAGEMENT AND MIS PRACTICES...

The Optimum Framework for Managing E&P GIS Data

Department of Information and Technology Management

Data Governance Baseline Deployment

PROCEDURE. The permission rights assigned to allow data custodians to view, copy, enter, download, update or query data.

Data Governance for Master Data Management and Beyond

Better Data is Everyone s Job! Using Data Governance to Accelerate the Data Driven Organization

Certified Information Professional 2016 Update Outline

Understanding SOC Reports for Effective Vendor Management. Jason T. Clinton January 26, 2016

Vermont Enterprise Architecture Framework (VEAF) Master Data Management Design

Knowledge Base Data Warehouse Methodology

Speed the transition to an electronic environment. Comprehensive, Integrated Management of Physical and Electronic Documents

INFORMATION SYSTEMS SPECIALIST

Guidelines for Best Practices in Data Management Roles and Responsibilities

Washington State s Use of the IBM Data Governance Unified Process Best Practices

SAS No. 70, Service Organizations

Information Governance Workshop. David Zanotta, Ph.D. Vice President, Global Data Management & Governance - PMO

The Importance of Data Governance

FAQs New Service Organization Standards and Implementation Guidance

SSAE 16 for Transportation & Logistics Companies. Chris Kradjan Kim Koch

Vermont Enterprise Architecture Framework (VEAF) Master Data Management (MDM) Abridged Strategy Level 0

INFORMATION TECHNOLOGY STANDARD

Summary Notes from the Table Leads and Plenary Sessions Data Management Enabling Open Data and Interoperability

Financial and Cash Management Task Force. Strategic Business Plan

Information Governance Policy

The Importance of Data Governance in Healthcare

Enabling Data Quality

Gwen Thomas, The Data Governance Institute. Abstract

ISSA Guidelines on Master Data Management in Social Security

Governance Is an Essential Building Block for Enterprise Information Management

City of Minneapolis Policy for Enterprise Information Management

Data Governance Primer. A PPDM Workshop. March 2015

OPTIMUS SBR. Optimizing Results with Business Intelligence Governance CHOICE TOOLS. PRECISION AIM. BOLD ATTITUDE.

Generally Accepted Privacy Principles. August 2009

Data Governance Implementation

Effectively using SOC 1, SOC 2, and SOC 3 reports for increased assurance over outsourced operations. kpmg.com

Fundamentals of Information Governance:

CSA Position Paper on AICPA Service Organization Control Reports

Whitepaper Data Governance Roadmap for IT Executives Valeh Nazemoff

Information Security Managing The Risk

The Use of Spreadsheets: Considerations for Section 404 of the Sarbanes-Oxley Act*

Turning Data into Knowledge: Creating and Implementing a Meta Data Strategy

Data Governance: The Lynchpin of Effective Information Management

Transcription:

An Overview of Data Management

Recognition of Contribution The AICPA gratefully recognizes the invaluable contribution and involvement from the AICPA s IMTA Executive Committee Data Management Task Force in the development of this document. IMTA EC Data Management Task Force John Barile, CPA, CITP Ernst & Young, LLP Doris Cantagallo, CPA, CITP CGMA Michael Garber, CPA, CITP Garber Associates, Inc. Steve Palomino, CPA, CITP Ernst & Young, LLP Dan Schroeder, CPA, CITP Habif, Arogeti & Wynne, LLP Donny Shimamoto, CPA, CITP, CGMA IntrapriseTechKnowlogies LLC Michael Smith, CPA, CITP McGladrey & Pullen, LLP Steve Ursillo Jr., CPA, CITP Sparrow Johnson & Ursillo Inc. AICPA Staff Janis Parthun, CPA, CITP, CGMA Senior Technical Manager, AICPA IMTA Division

Table of Contents What is Data Management and Why is It Important?... 3 How Does Data Management Compare to Information Management?.. 3 What Are the Functions of Data Management?... 4 How Can an Organization Understand What Data It Needs to Manage?... 5 How Does an Organization Know What Data Are Important?... 6 How Does an Organization Document Its Data?... 6 What is Data Governance?... 7 What Are the Functions of Data Governance?... 7 What Are the Principles of Data Governance?... 8 What AICPA Resources Are Available to Guide a Data Management Initiative?... 9 1

Executive Summary Data management plays a significant role in an organization s ability to generate revenue, control costs and mitigate risks. Successfully being able to share, store, protect and retrieve the ever-increasing amount of data can be the competitive advantage needed to grow in today s business environment. Management of data generally focuses on the defining of the data element, how it is structured, stored and moved. Management of information is more concerned with the security, accuracy, completeness and timeliness of multiple pieces of data. These are all concerns that accountants are trained to assess and help manage for an organization. Most organizations today are inundated with data, the volume of which is increasing at an alarming rate. It is vital, therefore, to determine which data are most relevant and essential from an enterprise-wide perspective. Identification and classification of the enterprise s critical data should be performed by a team of senior-level representatives from each line of business or department. These team members must have knowledge of the relevant contributing business systems and processes, and the requirements of their respective stakeholders, systems and processes, and the requirements of their respective stakeholders. Accountants can play a key role in enabling Data Governance, and ensuring that it is aligned with an organization s overall corporate governance processes. Data Governance principles include: 1. Integrity 2. Transparency 3. Auditability 4. Accountability 5. Stewardship 6. Checks-and-Balances 7. Standardization 8. Change Management Accountants already are familiar with applying many of the principles above to the financial data that they work with in a regular basis. Becoming involved in a data management or data governance initiatives provides the opportunity to apply these principles into other parts of the organization. This document provides an overview to help accountants understand the potential value that data management and data governance initiatives can provide to their organizations, and the critical role that accountants can play to help ensure these initiatives are a success. Primary data management functions include: 1. Data Governance 2. Data Architecture Management 3. Data Development 4. Database Operations Management 5. Data Security Management 6. Reference & Master Data Management 7. Data Warehousing & Business Intelligence Management 8. Document & Content Management 9. Meta Data Management 10. Data Quality Management 2

What is Data Management and Why is It Important? The definition provided by the Data Management Association (DAMA) is: Data management is the development, execution and supervision of plans, policies, programs and practices that control, protect, deliver and enhance the value of data and information assets. 1 Data management plays a significant role in an organization s ability to generate revenue, control costs and mitigate risks. Successfully being able to share, store, protect and retrieve the ever-increasing amount of data can be the competitive advantage needed to grow in today s business environment. Managing customer data results in improved customer relationships, which ultimately drives revenues. While expanded data storage requirements have increased equipment investments; there also are many other hidden costs associated with data management. Some of these costs include power consumption, cooling requirements, installation, cabling, backup management and data recovery. Inherent within all of these costs is the need for more time and space leading to increases in payroll and occupancy expenses. Lastly, but just as important, data management plays a key role in helping an organization mitigate risks. For example, establishing a formal data retention policy can help decrease storage costs and reduce litigation risks. How Does Data Management Compare to Information Management? Data are just facts. In IT processes, data are generally represented as content in a field. Data, for example, can be the amount of money for a check, a bank balance or an amount for an income statement or balance sheet account. Data become information when they are structured to provide context and meaning. Information for a payment is the combination of the data for the amount paid, date of the transaction, bank account charge and the payee. Management of data generally focuses on the defining of the data element and how it is structured, stored and moved. Management of information is more concerned with the security, accuracy, completeness and timeliness of multiple pieces of data. These are all concerns that accountants are trained to assess and help manage for an organization. 1 The DAMA Guide to the Data Management Body of Knowledge (DAMA-DMBOK), 1st Edition 2009, p.4 3

What Are the Functions of Data Management? Per DAMA, the following are 10 primary functions related to a comprehensive data management program 2 : 1 Data Governance: The exercise of authority, control and shared decision-making (planning, monitoring and enforcement) over the management of data assets (See What is Data Governance? on page 6 for more detail) 2 Data Architecture Management: The development and maintenance of enterprise data architecture within the context of all enterprise architecture, and its connection with the application system solutions and projects that implement enterprise architecture 3 Data Development: The data-focused activities within the system development lifecycle (SDLC), including data modeling and data requirements analysis, design, implementation and maintenance of databases and data-related solution components 4 Database Operations Management: Planning, control and support for structured data assets across the data lifecycle, from creation and acquisition through archival and purge 5 Data Security Management: Planning, implementation and control activities to ensure privacy and confidentiality and to prevent unauthorized and inappropriate data access, creation or change 6 Reference & Master Data Management: Planning, implementation and control activities to ensure consistency of contextual data values with a golden version of these data values 7 Data Warehousing & Business Intelligence Management: Planning, implementation and control processes to provide decision support data and support knowledge workers engaged in reporting, query and analysis 8 Document & Content Management: Planning, implementation and control activities to store, protect and access data found within electronic files and physical records (including text, graphics, image, audio and video) 9 Meta Data Management: Planning, implementation and control activities to enable easy access to high quality, integrated meta data 10 Data Quality Management: Planning, implementation and control activities that apply quality management techniques to measure, assess, improve and ensure the fitness of data for use While many of the above functions may appear to be technical (i.e., needs to be done by the IT department), note that all of the functions except Data Architecture Management (No. 2) and Data Development (No. 3) include a reference to the word control in their description. Thus each of the areas involves assessment of risk of the function and design of control points to help manage the processes all areas where an accountant can help provide expertise. 2 Ibid., pp.337-338 4

How Can an Organization Understand What Data It Needs to Manage? Most organizations today are inundated with data, the volume of which is increasing at an alarming rate. It is vital, therefore, to determine which data are most relevant and essential from an enterprise-wide perspective. Yet, surprisingly few have performed a data inventory or documented the locations where their important data are stored. Some of this has been captured in an electronic format and resides within an application data file on a corporate network server. It may also be stored in a spreadsheet or file on an employee s desktop computer or on a corporate laptop. Some data may only exist in hard copy format stored in a file cabinet and accessed infrequently. Data exist in a variety of formats, and include information found in business documents such as contracts and invoices, customer data, employee records, financial data and intellectual property. 5

How Does an Organization Know What Data Are Important? To help identify data that are vital to the enterprise, consider the following questions. Additions or modifications may be made as needed to meet an organization s circumstances due to relevant privacy and security considerations. Are the data used in performing a major system-wide operation, role or responsibility? Are the data relevant to the strategic planning needs of the company? Are the data needed for corporate decision making? Are the data included in an official system-wide report? Are the data required by regulatory authorities? Are the data used to derive an element used in one of the previous criteria? Are the data disseminated internally only or made available outside the organization? Identification and classification of the enterprise s critical data should be performed by a team of senior-level representatives from each line of business or department. These team members must have knowledge of the relevant contributing business systems and processes, and the requirements of their respective stakeholders. How Does an Organization Document Its Data? It is important to organize the information gathered about the organization s data in documents that can be easily updated and maintained, and that will aid in making the data management information actionable. Spreadsheets or tabular formats are frequently utilized for this purpose. Suggested documentation may include: Data Requirements Matrix: Identifies data and reporting requirements by constituency Data Category Analysis: Identifies existing reports, data sources and nature/usage Report Matrix: Identifies data elements, documents computations or derived data, and network paths/servers/files or other locations where the data is stored As the information is gathered, it should be validated against the organization s business rules and policies. Requirements should be prioritized, planned future data identified and any data inconsistencies remediated. Software tools may be utilized to aid in the data validation process. These deliverables will be useful in designing comprehensive enterprise data retention policies and procedures and in assessing compliance with those policies. Executive sponsorship also is important to ensure that the effort aligns with the enterprise s strategic business plans and to demonstrate management s recognition of, and commitment to, the importance of this undertaking. The project team should categorize and prioritize data according to what is currently most important to the organization. 6

What is Data Governance? Accountants can play a key role in enabling Data Governance, and ensuring that it is aligned with an organization s overall corporate governance processes. DAMA defines Data Governance as: The exercise of authority, control and shared decision-making (planning, monitoring and enforcement) over the management of data assets. Data Governance is high-level planning and control over data management. 3 The objectives of data governance are to: A. Enable better decision-making B. Reduce operational friction C. Protect the needs of data stakeholders D. Train management and staff to adopt common approaches to data issues E. Build standard, repeatable processes F. Reduce costs and increase effectiveness through coordination of efforts G. Ensure transparency of processes According to the Data Governance Institute, Data Governance is a system of decision rights and accountabilities for information-related processes, executed according to agreed-upon models which describe who can take what actions with what information, and when, under what circumstances, using what methods. 4 Both definitions essentially focus on the high-level process by which decisions related to the management of data are made, and the use of its associated information. What Are the Functions of Data Governance? Under the DAMA model, Data Governance represents two primary functions: 1. Data Management Planning Identify Strategic Enterprise Data Needs Develop & Maintain the Data Strategy Establish the Data Management Professional Organizations Identify & Appoint Data Stewards Establish Data Governance & Stewardship Organizations Develop, Review & Approve Data Policies, Standards and Procedures Review & Approve Data Architecture Plan and Sponsor Data Management Projects & Services Estimate Data Asset Value & Associated Data Management Costs 2. Data Management Supervision & Control Supervise the Data Management Professional Staff & Organizations Coordinate Data Governance Activities Manage & Resolve Data Related Issues Monitor & Ensure Regulatory Compliance Monitor Conformance with Data Policies, Standards and Architecture Oversee Data Management Projects & Services Communicate & Promote the Value of Data Assets Note that like Data Management functions, Data 3 The DAMA Guide to the Data Management Body of Knowledge (DAMA-DMBOK), 1st Edition 2009, p.19 4 Data Governance Institute, datagovernance.com/adg_data_governance_definition.html 7

Governance functions are primarily non-technical in nature and similar to the normal corporate governance functions that many accountants are used to facilitating. What Are the Principles of Data Governance? The following principles are imbued in all successful Data Governance and Stewardship programs, processes and projects. They are the principles that help stakeholders come together to resolve the types of data-related conflicts that are inherent in every organization. 5 1 Integrity: Data Governance participants will practice integrity with their dealings with each other; they will be truthful and forthcoming when discussing drivers, constraints, options and impacts for data-related decisions. 2 Transparency: Data Governance and Stewardship processes will exhibit transparency; it should be clear to all participants and auditors how and when data-related decisions and controls were introduced into the processes. 3 Auditability: Data-related decisions, processes, and controls subject to Data Governance will be auditable; they will be accompanied by documentation to support compliance-based and operational auditing requirements. 6 Checks-and-Balances: Data Governance will define accountabilities in a manner that introduces checks and balances between business and technology teams as well as between those who create/collect information, those who manage it, those who use it, and those who introduce standards and compliance requirements. 7 Standardization: Data Governance will introduce and support standardization of enterprise data. 8 Change Management: Data Governance will support proactive and reactive Change Management activities for reference data values and the structure/use of master data and metadata. Accountants already are familiar with applying many of the principles above to the financial data that they work with in a regular basis. Becoming involved in a data management or data governance initiatives provides the opportunity to apply these principles into other parts of the organization. 4 Accountability: Data Governance will define accountabilities for cross-functional data-related decisions, processes and controls. 5 Stewardship: Data Governance will define accountabilities for stewardship activities that are the responsibilities of individual contributors, as well as accountabilities for groups of Data Stewards. 5 Data Governance Institute, http://datagovernance.comdg_data_governance_goals.html 8

What AICPA Resources Are Available to Guide a Data Management Initiative? AICPA IMTA Section members have the following additional resources available: Information: A Company s Most Valuable, Yet Mismanaged Asset, Robert Green, CPA.CITP and Scott Cooper, CMC, 2007 (article) IMTA Governance The Role of Internal Audit, Scott Kenny, CISA, CPA and Cheryl Strackeljahn, 12/9/2010 (archived webcast) Ensuring Data Quality and Auditability in Business Reporting, Donny Shimamoto, CPA, CITP and Rob Fisher, CPA, CITP, 9/29/2009 (archived webcast) Closing the Privacy GAPP Best Practices to Protect Your Data, Don Sheehy, CPA and Nancy Cohen, CPA, CITP, 3/23/2011 (archived webcast) Archived webcasts are available for IMTA Section members on this page. For more information about the AICPA IMTA Section membership, please visit aicpa.org/imta. 9

Copyright 2013 American Institute of CPAs. All rights reserved.

888.777.7077 imta@aicpa.org aicpa.org/imta 12 12985-378

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information